获取aws角色的临时凭据。
awsudo的Python项目详细描述
awsudo是一个命令行工具,它从STS请求临时凭据 使用IAM role。
如果MFA已启用, 系统将提示您输入令牌代码。
用法
首先,您需要在~/.aws/credentials:
中定义凭据[default]aws_access_key_id=AKIAIJFLKDSJFKLDSZ2Qaws_secret_access_key=Eoz3FDKJLSfdsJLKFDjflsFDjklJFDjfdFDjdOKa
然后在~/.aws/config:
中定义您的配置文件[profile administrator@development]role_arn=arn:aws:iam::00000000002:role/administratorsource_profile=defaultmfa_serial=arn:aws:iam::00000000001:mfa/pmuller[profile administrator@staging]role_arn=arn:aws:iam::00000000003:role/administratorsource_profile=defaultmfa_serial=arn:aws:iam::00000000001:mfa/pmuller[profile administrator@production]role_arn=arn:aws:iam::00000000004:role/administratorsource_profile=defaultmfa_serial=arn:aws:iam::00000000001:mfa/pmuller
您可以使用awsudo来获取准备好使用的临时凭据 环境变量:
$ awsudo administrator@staging Enter MFA code: AWS_ACCESS_KEY_ID=ASIAJFSDLKJFS3VLA AWS_SECRET_ACCESS_KEY=UKvIegRLKJSFLKJFDSLKFJSDLKJ AWS_SESSION_TOKEN=FQoDYXdzEHIaDONIt4M0O10zRms0ac2.....
或者直接运行另一个在其 环境:
$ awsudo administrator@development aws iam list-groups Enter MFA code: { "Groups": [ { "Path": "/", "CreateDate": "2016-08-01T02:13:52Z", "GroupId": "AGPAILKJFSDLFKJSDLFS2", "Arn": "arn:aws:iam::1234567890:group/administrators", "GroupName": "administrators" }, { "Path": "/", "CreateDate": "2016-08-01T02:24:05Z", "GroupId": "AGPAFSJDKLJFDSLKJFST6", "Arn": "arn:aws:iam::1234567890:group/users", "GroupName": "users" } ] }
开发
运行测试:
$ make check