3 releases (breaking)
Uses old Rust 2015
0.3.0 | Sep 4, 2017 |
---|---|
0.2.0 | Apr 23, 2017 |
0.1.0 | Apr 12, 2017 |
#10 in #sts
25KB
575 lines
Stscli
A command line application for acquiring and using Amazon STS session tokens with IAM roles.
Usage
List the available profiles (from .aws/config
and .aws/credentials
):
stscli list
Acquire some tokens and display them for pasting into a bash shell:
stscli --profile foo get --export --format bash
Acquire some tokens and print the iam user using the aws cli:
stscli --profile foo exec aws iam get-user
You will want to configure at least a single set of credentials in ~/.aws/credentials
[myprofile]
aws_access_key_id=foo
aws_secret_access_key=bar
You can also add further profiles to ~/.aws/config
[profile myroleprofile]
source_profile=myprofile
role_arn=arn:aws:iam:....
You can then pass either "myprofile" or "myroleprofile" to the stscli as the profile to use.
You can override the role arn and region and also the role session name by passing additional options. See --help
.
To use MFA with a role, use a command like the following:
stscli -p profile -s arn:aws:iam::999999999999:mfa/user -t 999999 exec -- aws ec2 describe-instances
Instead of the mfa arn you can also use a serial number.
There is a bash completion script. Ensure stscli
is on your PATH
and source this in your bash profile to get hints.
In particular you can press tab after the --profile
option to get a list of available profiles.
Dependencies
~23–32MB
~642K SLoC