Metadata-Version: 2.1
Name: awscli-bastion
Version: 0.1.0
Summary: bastion extends the default behavior of using an IAM role in the awscli by caching STS credentials for up to 12 hours. Then we can securely use IAM roles with the awscli through the bastion account without needing to re-enter the mfa code.
Home-page: https://github.com/aidanmelen/aws_bastion
Author: Aidan Melen
Author-email: aidan.l.melen@gmail.com
License: Apache
Description: 
        -------
        bastion
        -------
        
        -----------
        Description
        -----------
        
        `bastion` extends the default behavior of `using an IAM role in the awscli`_ by caching STS credentials for up to 12 hours. Then we can securely use `IAM roles with the awscli`_ through the bastion account without needing to re-enter the mfa code.
        
        -------
        Install
        -------
        
        ::
        
            $ git clone https://github.com/aidanmelen/awscli_bastion --branch dev0.1.0
            $ pip install awscli_bastion/
        
        ---------
        Configure
        ---------
        
        *~/.aws/cli/alias*::
        
            [toplevel]
        
            bastion =
                !f() {
                    bastion
                }; f
        
        *~/.aws/credentials*::
        
            # (required) aws bastion profiles
        
            [bastion] # these are fake credentials
            aws_access_key_id = ASIA554SXDVIHKO5ACW2
            aws_secret_access_key = VLJQKLEqs37HCDG4HgSDrxl1vLNrk9Is8gm0VNfA
        
            [bastion-sts]
            mfa_serial = arn:aws:iam::123456789012:mfa/aidan-melen
            credential_process = aws bastion
            source_profile = bastion
        
        
            # (optional) aws assume role profiles
        
            [dev]
            role_arn = arn:aws:iam::234567890123:role/admin
            source_profile = bastion-sts
        
            [stage]
            role_arn = arn:aws:iam::345678901234:role/poweruser
            source_profile = bastion-sts
        
            [prod]
            role_arn = arn:aws:iam::456789012345:role/spectator
            source_profile = bastion-sts
        
        *~/.aws/config*::
        
            [default]
            region = us-west-2
            output = json
        
        -----
        Usage
        -----
        
        Run awscli commands normally and the `credential_process` will handle the bastion mfa::
        
            $ aws sts get-caller-identity --profile dev
            {
                "UserId": "AROAICXOEQ536RVKSK7LW:botocore-session-1234567890",
                "Account": "123456789012",
                "Arn": "arn:aws:sts::234567890123:assumed-role/admin/botocore-session-1234567890"
            }
        
            $ aws sts get-caller-identity --profile stage
            {
                "UserId": "ASIA554SWZVIOJNP7FPTS:botocore-session-2345678901",
                "Account": "345678901234",
                "Arn": "arn:aws:sts::345678901234:assumed-role/poweruser/botocore-session-2345678901"
            }
        
            $ aws sts get-caller-identity --profile prod
            {
                "UserId": "ASIA554BTZVILOXNQR5CD:botocore-session-3456789012",
                "Account": "456789012345",
                "Arn": "arn:aws:sts::456789012345:assumed-role/spectator/botocore-session-3456789012"
            }
        
        .. _`using an IAM role in the awscli`: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html
        .. _`IAM roles with the awscli`: https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#using-aws-iam-roles
Platform: UNKNOWN
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.3
Classifier: Programming Language :: Python :: 3.4
Classifier: Programming Language :: Python :: 3.5
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Operating System :: MacOS
Classifier: Operating System :: Microsoft :: Windows
Classifier: Operating System :: POSIX
Description-Content-Type: text/x-rst
