AWS SU

Help with exporting AWS secrets and tokens when using assumed roles.

usage: aws-sudo [-h] [-i] [-e] [-m MFA_CODE] [-s SESSION_TIMEOUT]
                profile [command] [command_args]

positional arguments:
  profile               Name of the AWS profile
  command               Command to be executed
  command_args          Command arguments

optional arguments:
  -h, --help            show this help message and exit
  -i, --in-place        Should we udpate ~/.aws/credentials with tmp
                        credentials
  -e, --export          Should we output `unset` and `export` commands
  -m MFA_CODE, --mfa-code MFA_CODE
                        Your MFA code
  -s SESSION_TIMEOUT, --session-timeout SESSION_TIMEOUT
                        STS session timeout in seconds in the range 900..3600

The --in-place or --export option is useful if you want to de-couple running build/deploy CI/CD tasks from granting IAM permissions.

Examples

aws-sudo my-profile ansible-playbook ...

# unset & export
$(aws-sudo my-profile)
# ... with MFA
$(aws-sudo -m 135797 my-profile)

# MFA no interaction
aws-sudo -m 123789 my-profile ansible-playbook ...

# short lived session
aws-sudo -s 60 my-profile ansible-playbook ...

# update ~/.aws/credentials with tmp keys, secrets and tokens
aws-sudo -i my-profile

Contributors

This project was originally started by leepa.

Other people involved (in alphabetical order):

• Kuehn Hagen
• Minton Chris
• Reed David
• Roche Christian