aws-tools

.. image:: https://img.shields.io/pypi/v/aws-tools.svg?maxAge=0
   :target: https://pypi.org/project/aws-tools/
   :alt: PyPI

This package provides tools for the AWS platform, such as:

  • switching between multiple accounts
  • renewing API access keys

and others.

The main reason aws-tools came to be was to use awscli_ with different access keys in a secure and easy way.

How it works

Switching between AWS accounts:

::

    $ awsenv test
    <test> $ aws s3 ls
    ...list of S3 objects on TEST environment...

    ### Explanation:
    ### <test> $ env | grep AWS
    ### AWS_SECRET_ACCESS_KEY=w0bM0rucARITPOUpcyAaX3iI9lGjJo7g8UUCUxIv
    ### AWS_ACCESS_KEY_ID=AKIAJPVK7VGH6CBZT5EQ
    ### AWS_ENV=test

    <test> $ awsenv prod
    <prod> $ aws s3 ls
    ...list of S3 objects on PROD environment...

    ### Explanation:
    ### <prod> $ env | grep AWS
    ### AWS_SECRET_ACCESS_KEY=P8crbSIvQ/Au0jfnW8XER9eJKxpQdYqpRVz5QxKo
    ### AWS_ACCESS_KEY_ID=AKIAJ4F26CMBPI1HF7MQ
    ### AWS_ENV=prod

Renewing AWS API access keys:

::

    $ awsenv prod

    ### Explanation:
    ### <prod> $ env | grep AWS
    ### AWS_SECRET_ACCESS_KEY=P8crbSIvQ/Au0jfnW8XER9eJKxpQdYqpRVz5QxKo
    ### AWS_ACCESS_KEY_ID=AKIAJ4F26CMBPI1HF7MQ
    ### AWS_ENV=prod

    <prod> $ awsroll prod
    Rolled key for env prod: AccessKeyId=****************ZKQFQ; CreateDate=2018-11-14 13:10:04+00:00
    <prod> $ awsenv prod

    ### Explanation:
    ### <prod> $ env | grep AWS
    ### AWS_SECRET_ACCESS_KEY=napb9J2RKzsSiTIjLRavN09qIfFzrMo7846zr2ou
    ### AWS_ACCESS_KEY_ID=AKIAJTGB6EFV7F4ZKQFQ
    ### AWS_ENV=prod

Getting started

..

Prerequisites:

aws-tools requires gpg (version >= 2.X) to decrypt/encrypt your AWS credentials.

Install necessary packages, and generate a new key pair:

::

    $ sudo apt-get install gpg gpg-agent
    $ gpg --gen-key

..

    This document covers only the gpg commands required to run aws-tools! If
    you need to use other gpg parameters, see the gpg documentation.

Configure your region using awscli_ if you haven't done that yet:

::

    $ aws configure
    AWS Access Key ID [None]:
    AWS Secret Access Key [None]:
    Default region name [None]: eu-west-1
    Default output format [None]:

..

    Do not provide any keys here! Leave both key prompts empty.

Installation


Simply run:

::

    $ pip install --user aws-tools

Configuration

AWS Credentials
^^^^^^^^^^^^^^^

In the ``~/.aws`` directory, create a temporary ``env.<environment>.conf`` file for each AWS environment.

For example, if you have 3 AWS environments (TEST, STAGE and PROD), there should be 3 config files in the ``~/.aws`` directory:

::

    env.test.conf
    env.stage.conf
    env.prod.conf

Edit each file:

.. code:: cfg

    [default]
    aws_access_key_id = <your_environment_specific_access_key_id>
    aws_secret_access_key = <your_environment_specific_secret_access_key>

Encrypt each file with gpg:

::

    $ gpg --encrypt --armor --output env.<environment>.conf.asc -r <your-gpg-user-id-name> env.<environment>.conf

and remove the temporary ``env.*.conf`` files!

..

    Run ``gpg -K`` to find out what your ``<your-gpg-user-id-name>`` is.

Shell
^^^^^

aws-tools comes with handy command completion and bash prompt features. Simply add the following to your ``~/.bashrc``:

.. code:: bash

    source $HOME/.local/bin/aws_tools_completion.bash 2>/dev/null
    export PS1="\$(__awsenv_ps1 2>/dev/null)${PS1}"

SMTP credentials (optional)
^^^^^^^^^^^^^^^^^^^^^^^^^^^

This step is helpful if you want to send renewed AWS access keys to an email address.

In the ``~/.aws`` directory, create a temporary ``smtp.cfg`` file.

Edit the SMTP settings:

.. code:: cfg

    smtplogin = <your_full_smtp_login>
    smtppass = <your_password>
    smtphost = <smtp_host>
    smtpport = <smtp_port>

Encrypt the config file with gpg:

::

    $ gpg --encrypt --armor --output smtp.cfg.asc -r <your-gpg-user-id-name> smtp.cfg

and remove the temporary ``smtp.cfg`` file!
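
Both configuration steps end with removing the temporary plaintext file, and the ``aws configure`` step asks for no keys; the script below checks a directory for exactly those conditions. It is an added example, not part of aws-tools: the function name ``audit_aws_dir``, the finding labels and the constructed sample files are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not part of aws-tools. Audits a directory laid out as this
# README describes; prints one finding per line, exit status 1 if any.
audit_aws_dir() (                     # subshell body keeps variables local
    dir=${1:-$HOME/.aws}
    rc=0
    # Temporary plaintext files must be gone once the .asc copy exists.
    for f in "$dir"/env.*.conf "$dir"/smtp.cfg; do
        [ -f "$f" ] || continue       # an unmatched glob stays literal: skip
        if [ -f "$f.asc" ]; then
            echo "PLAINTEXT_LEFTOVER $f"
        else
            echo "PLAINTEXT_UNENCRYPTED $f"
        fi
        rc=1
    done
    # Encrypted files should look like `gpg --encrypt --armor` output.
    for f in "$dir"/env.*.conf.asc "$dir"/smtp.cfg.asc; do
        [ -f "$f" ] || continue
        if ! head -n 1 "$f" | grep -q '^-----BEGIN PGP MESSAGE-----'; then
            echo "NOT_PGP_ARMORED $f"
            rc=1
        fi
    done
    # `aws configure` was meant to store the region only, never keys.
    for f in "$dir"/credentials "$dir"/config; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*aws_(access_key_id|secret_access_key)[[:space:]]*=[[:space:]]*[^[:space:]]' "$f"; then
            echo "KEY_IN_AWSCLI_FILE $f"
            rc=1
        fi
    done
    exit "$rc"
)

# Constructed sample: prod plaintext left behind, stage never encrypted.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN PGP MESSAGE-----' > "$d/env.test.conf.asc"
    printf '%s\n' '-----BEGIN PGP MESSAGE-----' > "$d/env.prod.conf.asc"
    printf '[default]\naws_access_key_id = EXAMPLE\n' > "$d/env.prod.conf"
    printf '[default]\naws_access_key_id = EXAMPLE\n' > "$d/env.stage.conf"
    printf '[default]\nregion = eu-west-1\n' > "$d/config"
    echo "$d"
}

sample=$(make_sample_dir)
audit_aws_dir "$sample" || echo "findings present in $sample"
rm -rf "$sample"
```

Run ``audit_aws_dir`` with no argument to check ``~/.aws`` itself; an empty output and exit status 0 mean nothing was found.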

Usage

Examples


Autocompletion:

::

    $ awsenv<TAB><TAB>
    prod stage test

Use TEST access keys:

::

    $ awsenv test

Unset AWS access keys for current shell:

::

    $ awsenv unset

Rotate PROD access keys:

::

    $ awsroll prod

Rotate access keys for all environments:

::

    $ awsroll

Rotate access keys for all environments using gpg-agent, and send them to an email address:

::

    $ aws-roll-keys.py -a -e all -s <email@domain.org>

Rotate access keys for the TEST environment and send info to an email address:

::

    $ aws-roll-keys.py -e test -i <email@domain.org>




.. _awscli: https://pypi.org/project/awscli/

