Tooling to help to assume AWS IAM roles.
Offers a command-line helper tool, asu
, and a Ruby library. After assuming the specified role, it sets the standard environment variables and configures the Ruby SDK for the role.
The project can be installed in a shell:
gem install yle-aws-role
To use the Ruby library, add this line to your application's Gemfile:
gem 'yle-aws-role'
and then execute bundle
Usage: asu <account> [options] -- [command ...]
or: asu --list
account The account ID or pattern of the role account
command Command to execute with the role. Defaults to launching new shell session.
-d, --duration Duration for the role credentials. Default: 900
--env Print out environment variables and exit
-l, --list Print out all configured account aliases
-q, --quiet Be quiet
-r, --role Name of the role
-h, --help Prints this help
-v, --version Prints the version information
Account aliases and their IDs can be specified in a configuration file. Then you can list the known accounts with asu --list
, and use aliases (even with partial matching) when specifying the account for asu
. Also the default role can be set.
The configuration file location defaults to $HOME/.aws/asu.yaml, but can be specified with the ASU_CONFIG
environment variable.
Example configuration:
defaults:
role: "dev"
accounts:
foo-bar: "123456789012"
baz: "987654321098"
With this you can just call for example
asu foo -- aws s3 ls s3://mybucket/
Bug reports and pull requests are welcome on GitHub at https://github.com/Yleisradio/yle-aws-role. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.
The gem is available as open source under the terms of the MIT License.