{"id":15638755,"url":"https://github.com/antonbabenko/awsp","last_synced_at":"2025-04-16T05:56:08.193Z","repository":{"id":40762891,"uuid":"67888646","full_name":"antonbabenko/awsp","owner":"antonbabenko","description":"AWS credential profile changer","archived":false,"fork":false,"pushed_at":"2022-08-02T16:56:43.000Z","size":11,"stargazers_count":92,"open_issues_count":3,"forks_count":18,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-03-29T05:05:03.932Z","etag":null,"topics":["aws-iam","awsp","iam-users","mfa","profile"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/antonbabenko.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":["antonbabenko"],"custom":"https://www.paypal.me/antonbabenko"}},"created_at":"2016-09-10T18:51:43.000Z","updated_at":"2025-01-07T09:42:06.000Z","dependencies_parsed_at":"2022-07-09T11:00:21.282Z","dependency_job_id":null,"html_url":"https://github.com/antonbabenko/awsp","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/antonbabenko%2Fawsp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/antonbabenko%2Fawsp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/antonbabenko%2Fawsp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/antonbabenko%2Fawsp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/antonbabenko","download_url":"https://codeload.github.com/antonbabenko/awsp/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249205598,"owners_count":21229955,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws-iam","awsp","iam-users","mfa","profile"],"created_at":"2024-10-03T11:23:00.240Z","updated_at":"2025-04-16T05:56:08.173Z","avatar_url":"https://github.com/antonbabenko.png","language":"Shell","funding_links":["https://github.com/sponsors/antonbabenko","https://www.paypal.me/antonbabenko"],"categories":[],"sub_categories":[],"readme":"# AWS credential profile changer\n\nExcerpt from [IAM Best Practices](http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#delegate-using-roles):\n\n\u003e **Delegate by using roles instead of by sharing credentials**\n    \n\u003e You might need to allow users from another AWS account to access resources in your AWS account. If so, don't share security credentials, such as access keys, between accounts. Instead, use IAM roles. You can define a role that specifies what permissions the IAM users in the other account are allowed, and from which AWS accounts the IAM users are allowed to assume the role.\n\nTo make process of switching profiles (environment variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` among others) it is handy to use the code provided on this repo.\n\nFeatures\n========\n\n* Autocomplete of available profiles (`awsp + tab + tab`)\n* Support configurable location of credentials file (`AWS_SHARED_CREDENTIALS_FILE` environment variable)\n* Full compatibility with official AWS CLI\n* Assume roles which require MFA\n* Integration with [aws-vault](https://github.com/99designs/aws-vault) to prevent secrets from storing in plain-text\n\nInstall\n=======\n\n* [jq](https://stedolan.github.io/jq/) should be installed\n* Download [awsp_functions.sh](https://raw.githubusercontent.com/antonbabenko/awsp/master/awsp_functions.sh) anywhere you like (for example, `~/awsp_functions.sh`) and make it executable:\n\n```\n    $ wget -O ~/awsp_functions.sh https://raw.githubusercontent.com/antonbabenko/awsp/master/awsp_functions.sh\n    $ chmod +x ~/awsp_functions.sh\n   ```\n   \n* Depending on which version of shell you use, edit `~/.bash_profile` or similar to include: `source ~/awsp_functions.sh`\n* (Optional) Enable aliases and auto-completion into your `~/.bash_profile` or similar:\n\n```\n    alias awsall=\"_awsListProfile\"\n    alias awsp=\"_awsSetProfile\"\n    alias awswho=\"aws configure list\"\n\n    complete -W \"$(cat $HOME/.aws/credentials | grep -Eo '\\[.*\\]' | tr -d '[]')\" _awsSwitchProfile\n    complete -W \"$(cat $HOME/.aws/config | grep -Eo '\\[.*\\]' | tr -d '[]' | cut -d \" \" -f 2)\" _awsSetProfile\n```\n\nExamples\n========\n\nContent of `~/.aws/config`:\n```\n[company-anton]\naws_access_key_id=EXAMPLEACCESSKEY\naws_secret_access_key=EXAMPLESECRETACCESSKEY\n\n[company-staging-anton]\nrole_arn=arn:aws:iam::222222222222:role/company-staging\nsource_profile=company-anton\n\n[company-production-anton]\nrole_arn=arn:aws:iam::111111111111:role/company-production\nsource_profile=company-anton\nmfa_serial=arn:aws:iam::333333333333:mfa/anton\n```\n\nTo change AWS profile to use staging account (222222222222):\n\n    $ awsp company-staging-anton\n    \nTo change AWS profile to use production account (111111111111) which requires MFA token created in IAM account (333333333333, `company-anton`):\n\n    $ awsp company-production-anton\n    # Please enter your MFA token for arn:aws:iam::333333333333:mfa/anton\n    \u003e 123456\n    \nNotes\n=====\n\n1. This code has been tested only on Mac and there are no intentions to make it to work on other systems (if necessary)!\n\n1. To avoid storing AWS secrets in plain text you can use [aws-vault](https://github.com/99designs/aws-vault), while keeping the same `awsp` script to switch roles.\n\nAuthors\n=======\n\nCreated by [Anton Babenko](https://github.com/antonbabenko) with inspiration from [several](https://github.com/antonosmond/bash_profile/blob/master/.bash_profile) [code snippets](http://www.jayway.com/2015/09/25/aws-cli-profile-management-made-easy/)\n\nLicense\n=======\n\nApache 2 Licensed. See LICENSE for full details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fantonbabenko%2Fawsp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fantonbabenko%2Fawsp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fantonbabenko%2Fawsp/lists"}