diff --git a/README.md b/README.md
index 627c9b9..281f91f 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,21 @@
 [![Build Status](https://travis-ci.org/leflamm/afpre.svg?branch=master)](https://travis-ci.org/leflamm/afpre) [![GitHub release](https://img.shields.io/github/release/leflamm/afpre.svg)](https://github.com/leflamm/afpre/releases/latest)
-Simple script to access the AWS Federation Proxy (AFP). Its main use case is starting a new shell where your temporary AWS credentials have been exported into the environment.
+Simple script to access the [AWS Federation Proxy (AFP)](https://docs.aws.amazon.com/amp/latest/userguide/install-option-connector.html) or [AWS Security Token Service (STS)](https://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html). Its main use case is starting a new shell where your temporary AWS credentials have been exported into the environment.
 Inspired by https://github.com/ImmobilienScout24/afp-cli
+# Flavours
+
+## AWS Federation Proxy (AFP)
+
+When used with an AFP server, performs basic auth towards the configured host, obtains and extracts temporary credentials.
+
+## AWS Security Token Service
+
+When used with the AWS STS, performs `aws sts assume-role` call with configured role and account, obtains and extracts temporary credentials.
+
+# Features
+
 ## No Expired Tokens
 The started `bash` will notice when the AWS tokens are about to expire. It will then renew the necessary tokens itself. No need to log out and in again.
@@ -63,7 +75,7 @@ Commands can also be Bash functions. Make sure to export them using `export -f <
 $ cat ~/.afpre
 ACCOUNT=
 ROLE=
-HOST=
+HOST= # not mandatory if STS mode used
 _PATH=
 NAME= # optional
 PW= # optional, I wouldn't put it here
diff --git a/afpre b/afpre
index f58542c..912ae1b 100755
--- a/afpre
+++ b/afpre
@@ -57,10 +57,11 @@ usage: ${0} [OPTIONS] (-- COMMAND)
 OPTIONS
 --help ... print this help
 --account= ... authenticate for this account, supersedes
- any definition in ${CFG}
+ any definition in ${CFG}
 --role= ... authenticate as this role, supersedes
- any definition in ${CFG}
+ any definition in ${CFG}
 --example-cfg ... create an example config file at ${CFG}
+ --sts ... go through aws sts login process instead of federation proxy
 --debug ... enable debugging
 --version ... print version
 EOF
@@ -73,11 +74,11 @@ do_example_cfg() {
 echo saving existing ${CFG} to ${CFG}.bak
 mv ${CFG} ${CFG}.bak
 }
-
+
 cat > $CFG << EOF
 ACCOUNT=my.account
 ROLE=my.role
-HOST=my.afp.host
+HOST=my.afp.host # not mandatory if --sts used
 _PATH=/afp-api/latest/account
 #PATTERN=\\\${ACCOUNT}/\\\${ROLE} # This will appear in front of the prompt
 #NAME=my.name
@@ -88,7 +89,7 @@ EOF
 }
 longoption_value() {
-grep -o -- "--${1}=[^ ]*" <<< $ARGS| cut -d"=" -f2
+grep -o -- "--${1}=[^ ]*" <<< $ARGS| cut -d"=" -f2
 }
 get_command() {
@@ -96,6 +97,7 @@ get_command() {
 }
 DEBUG=false
+AWS_NATIVE=false
 ARGS="${@}"
 options_contain '--help' && do_help
@@ -104,6 +106,7 @@ options_contain '--account' && ADHOC_ACCOUNT=$(longoption_value account)
 options_contain '--role' && ADHOC_ROLE=$(longoption_value role)
 options_contain '--example-cfg' && do_example_cfg
 options_contain '--debug' && DEBUG=true
+options_contain '--sts' && AWS_NATIVE=true
 $DEBUG && set -x
@@ -113,14 +116,15 @@ variable_empty "${ADHOC_ACCOUNT}" && check_config_key ACCOUNT
 variable_empty "${ADHOC_ROLE}" && check_config_key ROLE
 check_config_key ROLE
 check_config_key _PATH
-check_config_key HOST
+! "${AWS_NATIVE}" && check_config_key HOST
 source $CFG
 variable_empty "${ADHOC_ACCOUNT}" || ACCOUNT="${ADHOC_ACCOUNT}"
 variable_empty "${ADHOC_ROLE}" || ROLE="${ADHOC_ROLE}"
 variable_empty "${NAME}" && read -p "username: " NAME
-variable_empty "${PW}" && {
+
+! "${AWS_NATIVE}" && variable_empty "${PW}" && {
 read -p "password: " -s PW
 echo
 }
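Review bot: In the `@@ -113,14 +116,15 @@` hunk, `! "${AWS_NATIVE}" && check_config_key HOST` executes the variable's value as a command, and the two `! "${AWS_NATIVE}"` tests straddle `source $CFG`, so a config file that assigns `AWS_NATIVE` switches the mode between the HOST check and the password prompt, and a value such as `AWS_NATIVE=yes` would be run as a command rather than rejected. Compare the flag as a string instead, `[ "${AWS_NATIVE}" != true ] && check_config_key HOST` and `[ "${AWS_NATIVE}" != true ] && variable_empty "${PW}" && {`, and consider re-applying the `--sts` result after the config is sourced so the command line keeps precedence. The pre-existing `$DEBUG && set -x` follows the same execute-the-variable pattern, but the new uses are the ones that read the value after untrusted config content has been sourced. The `username: ` prompt on the preceding line is still reached in STS mode; if NAME is only consumed by the AFP basic-auth path (not visible here), it should carry the same guard as the password prompt.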
@@ -141,8 +145,8 @@ RCFILE=$(mktemp) cat > $RCFILE <