Metadata-Version: 2.1
Name: aws-fusion
Version: 1.3
Summary: Unified CLI tool for streamlined AWS operations
Home-page: https://github.com/snigdhasjg/aws-fusion
Author: Snigdhajyoti Ghosh
Author-email: snigdhajyotighos.h@gmail.com
License: MIT License
Keywords: aws,aws-sdk,aws-cli,aws-authentication,aws-sdk-python,aws-auth
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: MIT License
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: Operating System :: OS Independent
Classifier: Development Status :: 4 - Beta
Classifier: Topic :: Utilities
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: boto3 >=1.29
Requires-Dist: pyperclip >=1.8
Requires-Dist: keyring >=24.3
Requires-Dist: beautifulsoup4 >=4.12
Requires-Dist: requests >=2.31

# aws fusion
Unified CLI tool for streamlined AWS operations, enhancing developer productivity

[![Tag][tag-badge]][tag]
[![Tagging][actions-workflow-tagging-badge]][actions-workflow-tagging]

## Installation
Install via pip install

```shell
pip install aws-fusion
```

## Command line tool
To invoke the cli, there are 2 option
1. Directly use `aws-fusion` command
2. Use it via [aws cli alias](https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-alias.html) with `aws fusion`

---
## Usage of `open-browser`
> Try `aws-fusion open-browser --help` for detailed parameter

- Make AWS credentials available via aws profile 
- Execute the script: `aws-fusion open-browser --profile my-profile`
- :tada: Your browser opens, and you are signed in into the AWS console

### Use cases
This only works with assume-role and federated-login, doesn't work with IAM user or user session.

#### IAM assume role
Profiles that use IAM roles pull credentials from another profile, and then apply IAM role permissions. 

In the following examples, `iam-user` is the source profile for credentials and `iam-assume-role` borrows the same credentials then assumes a new role.

**Credentials file**
```
[profile iam-user]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
```

**Config file**
```
[profile iam-user]
region = us-east-1
output = json

[profile iam-assume-role]
source_profile = iam-user
role_arn = arn:aws:iam::777788889999:role/user-role
role_session_name = my-session
region = ap-south-1
output = json
```

#### Federated login
Using IAM Identity Center, you can log in to Active Directory, a built-in IAM Identity Center directory, or another IdP connected to IAM Identity Center. You can map these credentials to an AWS Identity and Access Management (IAM) role for you to run AWS CLI commands.

In the following examples, using `aws-sso` profile assumes `sso-read-only-role` on `111122223333` account.

**Config file**
```
[profile aws-sso]
sso_session = my-sso-session
sso_account_id = 111122223333
sso_role_name = sso-read-only-role
role_session_name = my-session
region = us-east-1
output = json

[sso-session my-sso-session]
sso_region = us-east-2
sso_start_url = https://my-sso-portal.awsapps.com/start
sso_registration_scopes = sso:account:access
```

### Refer
The docs
- https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
- https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html

---
## Usage of `store-iam-user-credentials`
> Try `aws-fusion store-iam-user-credentials --help` for detailed parameter

Store AWS credentials in system default credential store

### Use cases
To store IAM user credential in the system credential store for best security rather than plain text `~/.aws/credentials` file.

Manually the save the credential in the store using
```bash
aws-fusion store-iam-user-credentials \
    --access-key 'AKIAIOSFODNN7EXAMPLE' \
    --secret-key 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY' \
    --account-id '123456789012' \
    --username 'my-iam-user'
```

---
## Usage of `get-iam-user-credentials`
> Try `aws-fusion get-iam-user-credentials --help` for detailed parameter

Retrieve AWS credentials from system default credential store. Optionally plug the CLI to aws external credential process.

### Use cases
Configure aws config file to use credential process

**Config file**
```
[profile iam-user]
region = us-east-1
output = json
credential_process = aws-fusion get-iam-user-credentials --account-id 123456789012 --username 'my-iam-user' --access-key 'AKIAIOSFODNN7EXAMPLE' --credential-process
```

### Refer
The docs
- https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html

---
## Usage of `generate-okta-device-auth-credentials`
> Try `aws-fusion generate-okta-device-auth-credentials --help` for detailed parameter

Simplifies the process of obtaining AWS session credentials using SAML assertion from Okta device authentication

### Use cases
Configure aws config file to use credential process

**Config file**
```
[profile iam-user]
region = us-east-1
output = json
credential_process = aws-fusion generate-okta-device-auth-credentials --org-domain my.okta.com --oidc-client-id 0pbs4fq1q2vbGoFkC1m7 --aws-acct-fed-app-id 0oa8z9xa8BS9b2AFb1t7 --aws-iam-role arn:aws:iam::123456789012:role/PowerUsers --credential-process
```

---
## License
This project is licensed under the MIT License - see the [LICENSE](./LICENSE) file for details.

<!-- badge links -->

[tag]: https://github.com/snigdhasjg/aws-fusion/tags
[tag-badge]: https://img.shields.io/github/v/tag/snigdhasjg/aws-fusion?style=for-the-badge&logo=github

[actions-workflow-tagging]: https://github.com/snigdhasjg/aws-fusion/actions/workflows/tagging.yml
[actions-workflow-tagging-badge]: https://img.shields.io/github/actions/workflow/status/snigdhasjg/aws-fusion/tagging.yml?branch=main&label=Tagging&style=for-the-badge&logo=githubactions
