A program to create deterministic zip files.
aws_longer
aws_longer is a tool to replace assume-role with a few significant benefits:
- MFA tokens need only be entered once every 36 hours.
- Sessions can be shared across terminals, and persist across reboots.
Both of the above are accomplished by storing the session credentials and the assumed credentials in the user's keychain.
Installation
Install this package via:
pip install aws_longer
If you'd like to use this package with your Yubikey, please run:
pip install aws_longer[yubikey] # Escape the brackets in zsh
Assuming a Role
aws_longer role ROLENAME AWS_ACCOUNT
The above will open a new shell setting the appropriate AWS_ environment variables. If this is the first time you are running this command, or it has been 36 hours since you last input your MFA token, then you will be prompted to input your MFA token.
AWS_ACCOUNT can either be an AWS account ID, or an alias to an AWS account ID.
If you'd like to avoid opening a new shell, you can instead run the command below. Be careful: if there are any errors, the result will terminate your shell program:
exec aws_longer role ROLENAME AWS_ACCOUNT
Using the Temporary Session
Rather than assuming a specific role, one can directly utilize the 36-hour temporary session via:
aws_longer
Using this temporary session is beneficial if, for example, you require MFA to assume roles, and you'd like to be able to run terraform apply with a provider that assumes a specific role.
AWS Account ID Alias
AWS account ID aliases can be defined in ~/.aws/accounts, which is a JSON file of the following format:
{
  "default": "123456789012",
  "staging": "123456789012",
  "production": "123456789012"
}
This aliasing format is the same as was used in assume-role in order to ease transitioning.
Avoid token prompting
If you happen to use a program to generate your MFA token, you might prefer to pass the token directly as part of the command invocation instead of via a prompt to STDIN. Do that via:
aws_longer --mfa-token TOKEN role ROLENAME AWS_ACCOUNT
In said cases, the MFA token will only be used if it's necessary to do so.
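The caching behaviour described above (an MFA prompt only on first use or after 36 hours, and a supplied token used only when needed), as an added sketch that is not aws_longer's own code. DictKeychain and StubSTS are constructed stand-ins for the OS keychain and boto3's STS client, and SERVICE, the five-minute skew and the MFA serial are hypothetical:

```python
import json
from datetime import datetime, timedelta, timezone

SESSION_SECONDS = 36 * 3600  # 129600 s, the STS GetSessionToken maximum
SERVICE = "example-aws-session"  # hypothetical keychain service name


class DictKeychain:
    """Stand-in for the OS keychain (same get/set shape as the keyring package)."""
    def __init__(self):
        self._items = {}

    def get_password(self, service, name):
        return self._items.get((service, name))

    def set_password(self, service, name, secret):
        self._items[(service, name)] = secret


class StubSTS:
    """Constructed stand-in for boto3's STS client; counts MFA-backed calls."""
    def __init__(self, now):
        self.now, self.calls = now, 0

    def get_session_token(self, DurationSeconds, SerialNumber, TokenCode):
        self.calls += 1
        expires = self.now + timedelta(seconds=DurationSeconds)
        return {"Credentials": {"AccessKeyId": "ASIAEXAMPLE", "SecretAccessKey": "constructed",
                                "SessionToken": "constructed", "Expiration": expires}}


def session_credentials(keychain, sts, mfa_serial, get_token, now, skew=timedelta(minutes=5)):
    """Return cached credentials; request an MFA token only if they are missing or expiring."""
    cached = keychain.get_password(SERVICE, mfa_serial)
    if cached:
        creds = json.loads(cached)
        if datetime.fromisoformat(creds["Expiration"]) - skew > now:
            return creds  # still valid: get_token() is never called
    resp = sts.get_session_token(DurationSeconds=SESSION_SECONDS,
                                 SerialNumber=mfa_serial, TokenCode=get_token())
    creds = dict(resp["Credentials"])
    creds["Expiration"] = creds["Expiration"].isoformat()  # make JSON-serialisable
    keychain.set_password(SERVICE, mfa_serial, json.dumps(creds))
    return creds

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed clock
    kc, sts = DictKeychain(), StubSTS(t0)
    session_credentials(kc, sts, "arn:aws:iam::123456789012:mfa/example", lambda: "000000", t0)
    print("STS calls after first run:", sts.calls)
```

Passing get_token as a callable is what lets a supplied token or a prompt go unused while the cached session is still valid.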
Yubikeys
If you are using a Yubikey in TOTP mode, you can use it via:
aws_longer --yubikey NAME role ROLENAME AWS_ACCOUNT
To discover the name on your Yubikey, you can list all names via:
ykman oath list
Hashes for aws_longer-0.4.0-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | d072bdac5ce443f8cfb4ea5d0aa90aedaffbbd7558fc0242e0bc1ffc7f6424c1
MD5 | 1c510e09829fdcc54b7fe8b919493240
BLAKE2b-256 | 5fbfe31a2496f27395dcdc23d1de170cae928f7fd96087a26b2f1b5fe0b3f825