#role #sts #aws #token #aws-cli #cli

app stscli

CLI to get temporary session tokens from Amazon's AWS STS Api

3 releases (breaking)

Uses old Rust 2015

0.3.0 Sep 4, 2017
0.2.0 Apr 23, 2017
0.1.0 Apr 12, 2017

#834 in Authentication

Apache-2.0

25KB
575 lines

Stscli

A command line application for acquiring and using Amazon STS session tokens with IAM roles.

Usage

List the available profiles (from .aws/config and .aws/credentials):

stscli list

Acquire some tokens and display them for pasting into a bash shell:

stscli --profile foo get --export --format bash

Acquire some tokens and print the iam user using the aws cli:

stscli --profile foo exec aws iam get-user

You will want to configure at least a single set of credentials in ~/.aws/credentials

[myprofile]
aws_access_key_id=foo
aws_secret_access_key=bar

You can also add further profiles to ~/.aws/config

[profile myroleprofile]
source_profile=myprofile
role_arn=arn:aws:iam:....

You can then pass either "myprofile" or "myroleprofile" to the stscli as the profile to use.

You can override the role arn and region and also the role session name by passing additional options. See --help.

To use MFA with a role, use a command like the following:

stscli -p profile -s arn:aws:iam::999999999999:mfa/user -t 999999 exec -- aws ec2 describe-instances

Instead of the mfa arn you can also use a serial number.

There is a bash completion script. Ensure stscli is on your PATH and source this in your bash profile to get hints. In particular you can press tab after the --profile option to get a list of available profiles.

Dependencies

~19–31MB
~606K SLoC