Skip to main content

A program to create deterministic zip files.

Project description

aws_longer

aws_longer is a tool to replace assume-role with a few significant benefits:

  1. MFA tokens need only be entered once every 36 hours.
  2. Sessions can be shared across terminals, and persist across reboots.

Both of the above are accomplished by storing the session credentials, and assumed credentials in the user's keychain.

Installation

Install this package via:

pip install aws_longer

If you'd like to use this package with your yubikey please run:

pip install aws_longer[yubikey]  # Escape the brackets in zsh

Assuming a Role

aws_longer role ROLENAME AWS_ACCOUNT

The above will open a new shell setting the appropriate AWS_ environment variables. If this is the first time you are running this command, or it has been 36 hours since you last input your MFA token, then you will be prompted to input your MFA token.

AWS_ACCOUNT can either be an AWS account ID, or an alias to an AWS account ID.

If you'd like to prevent opening a new shell, you can instead run, but be careful because if there are any errors, the result will terminate your shell-program:

exec aws_longer role ROLENAME AWS_ACCOUNT

Using the Temporary Session

Rather than assuming a specific role, one can directly utilize the 36-hour temporary session via:

aws_longer

Using this temporary session is beneficial if, for example, you require MFA to assume roles, and you'd like to be able to run terraform apply with a provider that assumes a specific role.

AWS Account ID Alias

AWS account ID aliases can be defined in ~/.aws/accounts, which is a JSON file of the following format:

{
  "default": "123456789012",
  "staging": "123456789012",
  "production": "123456789012"
}

This aliasing format is the same as was used in assume-role in order to ease transitioning.

Avoid token prompting

If you happen to use a program to generate your MFA token, you might prefer to pass the token directly as part of the command invocation instead of via a prompt to STDIN. Do that via:

aws_longer --mfa-token TOKEN role ROLENAME AWS_ACCOUNT

In said cases, the MFA token will only be used if it's necessary to do so.

Yubikeys

If you are using a Yubikey in TOTP mode, you can use it via:

aws_longer --yubikey NAME role ROLENAME AWS_ACCOUNT

To discover the name on your yubikey, you can list all names via:

ykman oath list

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

aws_longer-0.4.0.tar.gz (6.5 kB view details)

Uploaded Source

Built Distribution

aws_longer-0.4.0-py3-none-any.whl (6.3 kB view details)

Uploaded Python 3

File details

Details for the file aws_longer-0.4.0.tar.gz.

File metadata

  • Download URL: aws_longer-0.4.0.tar.gz
  • Upload date:
  • Size: 6.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/49.2.1 requests-toolbelt/0.9.1 tqdm/4.57.0 CPython/3.9.1

File hashes

Hashes for aws_longer-0.4.0.tar.gz
Algorithm Hash digest
SHA256 b5a306f74ca837d2c05b6957a3da46db519c45a5f5b426b99b2c4e63319429a0
MD5 bb1132405093db4c2636fe523fbe0915
BLAKE2b-256 d422bc3f908133e1d4527d1c51c9d67440b4b4eac3ca5e92e8f6af8427e90363

See more details on using hashes here.

File details

Details for the file aws_longer-0.4.0-py3-none-any.whl.

File metadata

  • Download URL: aws_longer-0.4.0-py3-none-any.whl
  • Upload date:
  • Size: 6.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/49.2.1 requests-toolbelt/0.9.1 tqdm/4.57.0 CPython/3.9.1

File hashes

Hashes for aws_longer-0.4.0-py3-none-any.whl
Algorithm Hash digest
SHA256 d072bdac5ce443f8cfb4ea5d0aa90aedaffbbd7558fc0242e0bc1ffc7f6424c1
MD5 1c510e09829fdcc54b7fe8b919493240
BLAKE2b-256 5fbfe31a2496f27395dcdc23d1de170cae928f7fd96087a26b2f1b5fe0b3f825

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page