3 个不稳定版本
| 0.2.2 | 2022年6月15日 |
|---|---|
| 0.2.0 | 2021年4月15日 |
| 0.1.0 | 2020年10月25日 |
#562 in 身份验证
73KB
1.5K SLoC
aws-masquerade
CLI 工具,允许您使用假设角色登录和检索 AWS 暂时凭证。
安装
从二进制文件
查看 发布页面 以获取不同架构的预构建版本 aws-masquerade。
从源代码
cargo install aws-masquerade
用法
aws-masquerade 0.2.0
sinofseven
AWS Assume Role CLI Tool
USAGE:
aws-masquerade [SUBCOMMAND]
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
SUBCOMMANDS:
add add a account
assume exec assume role
config-path show path of config file
edit edit a account
help Prints this message or the help of the given subcommand(s)
list list accounts
remove remove a account
validate validate config
view view a account
aws-masquerade add:添加账户
要将账户添加到 aws-masquerade,只需运行以下命令并按照提示操作。
$ aws-masquerade add
account name (required): account_name # account name (using for assumed profile name)
source profile name []: # source profile for assumimg role
role arn (required): arn:aws:iam::000000000000:role/target-role # target iam role arn for assumeing role
mfa arn []: arn:aws:iam::000000000000:mfa/user-name # virtual mfa device arn (if using mfa)
mfa secret []: SDI7UGDNQ5NURIUPBOWEUTHIDBIT6DRHR4WLWS7N7C3C6VS3LJKNWHL2JZIFIUYI # secret of virtual mfa device
Select Credential Output Type: # output format of assume role result
[0] SharedCredentials # adding to shared config
[1] bash # bash style. export AWS_ACCESS_KEY_ID="xxxxxxxxxxxx"
[2] fish # fish style. set -x AWS_ACCESS_KEY_ID "xxxxxxxxxxxx"
[3] PowerShell # PowerShell style. $env:AWS_ACCESS_KEY_ID="xxxxxxxxxxxx"
> [0]:
Select awscli output type: # the output from the AWS Command Line Interface (AWS CLI).
[0] json
[1] text
[2] table
> []:
Default Region Name []: ap-northeast-1 # set default region
Generated Account
{
"test": {
"sourceProfile": null,
"roleArn": "arn:aws:iam::148005307600:role/aws-initialize-stack/administrator",
"mfaArn": "arn:aws:iam::261267950596:mfa/yuta",
"mfaSecret": "SDI7UGDNQ5NURIUPBOWEUTHIDBIT6DRHR4WLWS7N7C3C6VS3LJKNWHL2JZIFIUYI",
"credentialOutput": "SharedCredentials",
"output": null,
"region": "ap-northeast-1"
}
}
Do you confirm add account? (y/n) [y]:
aws-masquerade assume -a account-name:执行假设角色
$ aws-masquerade assume --help
aws-masquerade-assume
exec assume role
USAGE:
aws-masquerade assume [OPTIONS] --account-name <account>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
OPTIONS:
-a, --account-name <account> Name of the account
-c, --credential-output-target <assume_type>
Output Target [possible values: bash, fish, PowerShell, SharedCredentials]
-t, --mfa-token <token> Input Mfa Token
如果您使用 MFA,可选或交互式地输入 MFA 令牌。
如果您已注册 MFA 秘密,MFA 令牌将自动填充。
凭证输出类型
CredentialOutput: SharedCredentials
假设角色的结果将添加到 SharedConfig。
CredentialOutput: bash
$ aws-masquerade assume -a account-name
export AWS_ACCESS_KEY_ID="XXXXXXXXXXXXXXXXXXXX"
export AWS_SECRET_ACCESS_KEY="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
export AWS_SESSION_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
export AWS_SECURITY_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
# Run this to configure your shell:
# eval $(aws-masquerade assume -a account-name)
CredentialOutput: fish
$ aws-masquerade assume -a account-name
set -gx AWS_ACCESS_KEY_ID "XXXXXXXXXXXXXXXXXXXX"
set -gx AWS_SECRET_ACCESS_KEY "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
set -gx AWS_SESSION_TOKEN "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
set -gx AWS_SECURITY_TOKEN "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
# Run this to configure your shell:
# eval (aws-masquerade assume -a account-name)
CredentialOutput: PowerShell
$ aws-masquerade assume -a account-name
$env:AWS_ACCESS_KEY_ID="XXXXXXXXXXXXXXXXXXXX"
$env:AWS_SECRET_ACCESS_KEY="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
$env:AWS_SESSION_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
$env:AWS_SECURITY_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
# Run this to configure your shell:
# aws-masquerade assume -a account-name | Invoke-Expression
aws-masquerade view -a account-name:查看账户配置
$ aws-masquerade view --help
aws-masquerade-view
view a account
USAGE:
aws-masquerade view --account-name <account>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
OPTIONS:
-a, --account-name <account> Name of the account
$ aws-masquerade -a account-name
{
"account-name": {
"sourceProfile": null,
"roleArn": "arn:aws:iam::000000000000:role/xxxxxxxxxxx",
"mfaArn": "arn:aws:iam::000000000000:mfa/xxxxxxxxxxx",
"mfaSecret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"credentialOutput": "SharedCredentials",
"output": null,
"region": "ap-northeast-1"
}
}
aws-masquerade list:显示账户列表
$ aws-masquerade list
account-001
account-002
account-003
aws-masquerade edit -a account-name:编辑现有账户
$ aws-masquerade edit --help
aws-masquerade-edit
edit a account
USAGE:
aws-masquerade edit --account-name <account>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
OPTIONS:
-a, --account-name <account> Name of the account
egit 提示符几乎与添加提示符相同。
aws-masquerade remove -a account-name:删除账户
$ aws-masquerade remove --help
aws-masquerade-remove
remove a account
USAGE:
aws-masquerade remove --account-name <account>
FLAGS:
-h, --help Prints help information
-V, --version Prints version information
OPTIONS:
-a, --account-name <account> Name of the account
aws-masquerade config-path:显示配置文件路径
$ aws-masquerade config-path
/home/codespace/.config/aws-masquerade/config.json
aws-masquerade validate:验证配置文件
aws-masquerade validate
作者
依赖关系
~25–39MB
~733K SLoC