Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
Sorry we don't scan binary artifacts yet
- Maintainers
- 1
aws-tools
.. image:: https://img.shields.io/pypi/v/aws-tools.svg?maxAge=0 :target: https://pypi.org/project/aws-tools/ :alt: PyPI
This package provides tools for AWS platform, such as:
- switching between multiple accounts
- renewing API access keys
and others.
The main reason why aws-tools came to be, was using awscli_ with different access keys in the secure and easy way.
How it works
Switching between AWS accounts:
::
$ awsenv test
<test> $ aws s3 ls
...list of S3 objects on TEST environment...
### Explanation:
### <test> $ env | grep AWS
### AWS_SECRET_ACCESS_KEY=w0bM0rucARITPOUpcyAaX3iI9lGjJo7g8UUCUxIv
### AWS_ACCESS_KEY_ID=AKIAJPVK7VGH6CBZT5EQ
### AWS_ENV=test
<test> $ awsenv prod
<prod> $ aws s3 ls
...list of S3 objects on PROD environment...
### Explanation:
### <prod> $ env | grep AWS
### AWS_SECRET_ACCESS_KEY=P8crbSIvQ/Au0jfnW8XER9eJKxpQdYqpRVz5QxKo
### AWS_ACCESS_KEY_ID=AKIAJ4F26CMBPI1HF7MQ
### AWS_ENV=prod
Renewing AWS API access keys:
::
$ awsenv prod
### Explanation:
### <prod> $ env | grep AWS
### AWS_SECRET_ACCESS_KEY=P8crbSIvQ/Au0jfnW8XER9eJKxpQdYqpRVz5QxKo
### AWS_ACCESS_KEY_ID=AKIAJ4F26CMBPI1HF7MQ
### AWS_ENV=prod
<prod> $ awsroll prod
Rolled key for env prod: AccessKeyId=****************ZKQFQ; CreateDate=2018-11-14 13:10:04+00:00
<prod> $ awsenv prod
### Explanation:
### <prod> $ env | grep AWS
### AWS_SECRET_ACCESS_KEY=napb9J2RKzsSiTIjLRavN09qIfFzrMo7846zr2ou
### AWS_ACCESS_KEY_ID=AKIAJTGB6EFV7F4ZKQFQ
### AWS_ENV=prod
Getting started
..
Prerequisites:
aws-tools requires gpg (version >= 2.X) to decrypt/encrypt your AWS credentials.
Install necessary packages, and generate a new key pair:
::
$ sudo apt-get install gpg gpg-agent
$ gpg --gen-key
..
This document covers only gpg commands required to run aws-tools! If
you need to use other gpg parameters, go to gpg documentation.
Configure your region using awscli_ if you haven't done that yet:
::
$ aws configure
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]: eu-west-1
Default output format [None]:
..
Do not provide any keys here!
Installation
Simply run:
::
$ pip install --user aws-tools
Configuration
AWS Credentials ^^^^^^^^^^^^^^^
In ~/.aws directory create temporary env.<environment>.conf file
for each AWS environment.
For example, if you have 3 AWS environments: TEST, STAGE and PROD, there
should be 3 config files in ~/.aws directory:
::
env.test.conf
env.stage.conf
env.prod.conf
Edit each file:
.. code:: cfg
[default]
aws_access_key_id = <your_environment_specific_access_key_id>
aws_secret_access_key = <your_environment_specific_secret_access_key>
Encrypt each file with gpg:
::
$ gpg --encrypt --armor --output env.<environment>.conf.asc -r <your-gpg-user-id-name> env.<environment>.conf
and remove temporary env.*.conf files!
..
Run ``gpg -K`` to find out what is your ``<your-gpg-user-id-name>``
Shell ^^^^^
aws-tools comes with handy command completion and bash prompt features.
Simply add to your ~/.bashrc:
.. code:: cfg
source $HOME/.local/bin/aws_tools_completion.bash 2>/dev/null
export PS1="\$(__awsenv_ps1 2>/dev/null)${PS1}"
SMTP credentials (optional) ^^^^^^^^^^^^^^^^^^^^^^^^^^^
This step is helpful if you want to send renewed AWS access keys to an email.
In ~/.aws directory create temporary smtp.cfg file.
Edit smtp settings:
.. code:: cfg
smtplogin = <your_full_smtp_login>
smtppass = <your_password>
smtphost = <smtp_host>
smtpport = <smtp_port>
Encrypt config file with gpg:
::
$ gpg --encrypt --armor --output smtp.cfg.asc -r <your-gpg-user-id-name> smtp.cfg
and remove temporary smtp.cfg file!
Usage
Examples
Autocompletion:
::
$ awsenv<TAB><TAB>
prod stage test
Use TEST access keys:
::
$ awsenv test
Unset AWS access keys for current shell:
::
$ awsenv unset
Rotate PROD access keys:
::
$ awsroll prod
Rotate access keys for all environments:
::
$ awsroll
Rotate access keys for all environments using gpg agent, and send them to the email:
::
$ aws-roll-keys.py -a -e all -s <email@domain.org>
Rotate access keys for TEST environment and send info to the email:
::
$ aws-roll-keys.py -e test -i <email@domain.org>
.. _awscli: https://pypi.org/project/awscli/
Keywords
FAQs
Switching between multiple AWS accounts & renewing API access keys
We found that aws-tools demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024
Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
By Sarah Gooding - Nov 26, 2024