html/HTML5>> afpre>> 返回
项目作者: leflamm

项目描述 :
CLI for the AWS Federation Proxy
高级语言: Shell
项目地址: git://github.com/leflamm/afpre.git
创建时间: 2017-04-03T10:19:50Z
项目社区:https://github.com/leflamm/afpre
开源协议:Apache License 2.0
下载


Simple script to access the AWS Federation Proxy (AFP). Its main use case is starting a new shell where your temporary AWS credentials have been exported into the environment.

Inspired by https://github.com/ImmobilienScout24/afp-cli

No Expired Tokens

The started bash will notice when the AWS tokens are about to expire. It will then renew the necessary tokens itself. No need to log out and in again.

  1. $ ./afpre 
  2. token expired - need to renew...
  3. authenticating as some.user for some.account/some.role against some.afp.host
  4. done.
  5. AFP| ~/git/hub/afpre$ # do some work ...
  6. AFP| ~/git/hub/afpre$ # typically for an hour or so ...
  7. AFP| ~/git/hub/afpre$ # your tokens have expired ...
  8. token expired - need to renew...
  9. authenticating as some.user for some.account/some.role against some.afp.host
  10. done.
  11. AFP| ~/git/hub/afpre$ # do some more work ...

You can type awsenv to print aws-specific environment information.

Manual Renewal

Whithin an afpre session you can - if you feel the need - manually trigger a token renewal. Either only if your old tokens have expired …

  1. $ condrenew

… or even unconditionally by calling

  1. $ renew

You can call awsenv to check for your current AWS credentials.

  1. AFP| ~/git/hub/afpre$ awsenv 
  2. AWS_ROLE=admin
  3. AWS_SECRET_ACCESS_KEY=...
  4. AWS_VALID_SECONDS=3600
  5. AWS_ACCOUNT=...
  6. AWS_SESSION_TOKEN=...
  7. AWS_ACCESS_KEY_ID=...
  8. AWS_SECURITY_TOKEN=...

In case you find that condrenew command somewhat useless you got it pretty much right - because that’s what afpre does anyway. But since version 0.9.15 both commands are available for subprocesses as well. So even (e. g.) running scripts could trigger their own token renewals.

Run Commands in an afpre Session

You can pass commands to afpre after a separating --. The session will close immediatly after the command has exited. Typically this is very usefull when iterating over accounts and running a command in all of them.

  1. $ ./afpre [OPTIONS] -- <command>

Commands can also be Bash functions. Make sure to export them using export -f <function name> to make them available in the afpre session.

Configuration

  1. $ cat ~/.afpre 
  2. ACCOUNT=<your desired account>
  3. ROLE=<your desired role>
  4. HOST=<your afp host>
  5. _PATH=<your path to service endpoint, typically "/afp-api/latest/account">
  6. NAME=<your username> # optional
  7. PW=<your password> # optional, I wouldn't put it here
  8. PATTERN=\${ACCOUNT}/\${ROLE} # optional, the message you want to see in front of the prompt
  9. RENEW_INT=<custom token renew interval> # optional, defaults to token's expiry
  10. INSECURE=<true|false> # optional, perform "insecure" SSL connections, defaults to false

Use option --example-cfg to create an example configuration file.

Available Packages

See https://github.com/leflamm/afpre/releases

  • .deb
  • .rpm