The AFP CLI is the command line interface to access the AWS Federation Proxy (AFP).
Its main use case is starting a new shell where your temporary AWS credentials have been exported into the environment.
The afp command can be configured through yaml files in the following direcories:
/etc/afp-cli/*.yaml(global configuration)$HOME/.afp-cli/*.yaml(per-user configuration)
The yaml files are read in lexical order and merged via yamlreader. The following configuration options are supported:
api_url: <api-url>Defaults to lookup a FQDN of a host named afp via DNS and construct the server url from it:https://{FQDN}/afp-api/latestuser: <username>Defaults to the currently logged in username
Example:
api_url: https://afp-server.my.domain/afp-api/latest
user: myuser$ afp [-h | --help]For the currently logged-in user:
$ afpThe same for another user:
$ afp --user=usernameOutput format:
<accountname> <role1>,<role2>,...,<roleN>
Example output:
abc_account some_role_in_abc_account xyz_account some_role_in_yxz_account,another_role_in_xyz
This starts a subshell in which the credentials have been exported into the environment. Use the exit command or press CTRL+D to terminate the subshell.
Use credentials for currently logged in user and specified account and role:
$ afp accountname rolenameUse credentials for the currently logged in user for the first role:
$ afp accountnameAs above, but specifying a different user:
$ afp --user=username accountname rolenameSpecify the URL of the AFP server, overriding any config file:
$ afp --api-url=https://yourhost/some/path