{"id":29673930,"url":"https://github.com/felixb/swamp","last_synced_at":"2026-03-12T09:20:52.802Z","repository":{"id":22587960,"uuid":"96314469","full_name":"felixb/swamp","owner":"felixb","description":"Teh AWS profile manager","archived":false,"fork":false,"pushed_at":"2022-03-12T15:48:12.000Z","size":88,"stargazers_count":44,"open_issues_count":0,"forks_count":20,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-06-20T18:14:25.790Z","etag":null,"topics":["aws","hacktoberfest","mfa","profile"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/felixb.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-07-05T12:00:05.000Z","updated_at":"2024-06-20T18:14:25.791Z","dependencies_parsed_at":"2022-08-07T10:15:54.984Z","dependency_job_id":null,"html_url":"https://github.com/felixb/swamp","commit_stats":null,"previous_names":[],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/felixb/swamp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felixb%2Fswamp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felixb%2Fswamp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felixb%2Fswamp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felixb%2Fswamp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/felixb","download_url":"https://codeload.github.com/felixb/swamp/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felixb%2Fswamp/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266580962,"owners_count":23951329,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-22T02:00:09.085Z","response_time":66,"last_error":null,"robots_txt_status":null,"robots_txt_updated_at":null,"robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","hacktoberfest","mfa","profile"],"created_at":"2025-07-22T22:08:38.755Z","updated_at":"2026-03-12T09:20:52.756Z","avatar_url":"https://github.com/felixb.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SWAMP: Profile Manager for AWS [![build](https://github.com/felixb/swamp/actions/workflows/build.yml/badge.svg)](https://github.com/felixb/swamp/actions/workflows/build.yml)\n\nYou can use `swamp` to switch AWS profiles with ease.\n\n## Use case\n\n`swamp` assumes you have an AWS account with CLI access credentials and you want to assume role into a set of AWS accounts from there.\n`swamp` optionally supports MFA authentication before assuming the target role.\n\n### Without MFA\n\n`swamp` calls `aws sts assume-role` and writes the returned credentials into the specified target profile.\n\n#### Example:\n\nCreate a session token based on your default profile:\n\n```\n$ swamp -profile default -target-profile target -target-role admin -account [target-account-id]\nWrote session token for profile target\nToken is valid until: 2017-07-06 08:31:10 +0000 UTC\n```\n\nCreate a session token based on your instance profile when running in an ec2 instance or ecs task:\n\n```\n$ swamp -instance -target-profile target -target-role admin -account [target-account-id]\nWrote session token for profile target\nToken is valid until: 2017-07-06 08:31:10 +0000 UTC\n```\n\n### With MFA\n\n`swamp` calls `aws sts get-session-token` with MFA authentication to obtain a profile with enabled MFA. The returned credentials are written to the specified intermediate profile.\nSubsequent calls may skip that step as long as the session token is still valid.\nWith these intermediate credentials `aws sts assume-role` is called as above.\n\n#### Example:\n\n```\n$ swamp -target-profile target -target-role admin -account [target-account-id] -mfa-device arn:aws:iam::[origin-account-id]:mfa/[userid]\nEnter mfa token for arn:aws:iam::[origin-account-id]:mfa/[userid]: XXXXXX\nWrote session token for profile session-token\nToken is valid until: 2017-07-06 20:32:09 +0000 UTC\nWrote session token for profile target\nToken is valid until: 2017-07-06 08:31:10 +0000 UTC\n```\n\nAnd run it again:\n\n```\n$ swamp -target-profile target -target-role admin -account [target-account-id] -mfa-device arn:aws:iam::[origin-account-id]:mfa/[userid]\nSession token for profile session-token is still valid\nWrote session token for profile target\nToken is valid until: 2017-07-06 08:32:15 +0000 UTC\n```\n\nOr create a session profile only:\n\n```\n$ swamp -mfa-device arn:aws:iam::[origin-account-id]:mfa/[userid]\nEnter mfa token for arn:aws:iam::[origin-account-id]:mfa/[userid]: XXXXXX\nWrote session token for profile session-token\nToken is valid until: 2017-07-06 20:32:09 +0000 UTC\n```\n\n### Auto-Obtain MFA Token\n\nIf using swamp with an mfa-enabled account you can use the `-mfa-exec` flag to tell swamp to try to obtain the token itself.\nYou need to give an executable command which returns the 6-digit code.\n\nswamp is known to integrate well with the following tools:\n\n* [pass](https://www.passwordstore.org/) / [pass-otp](https://github.com/tadfisher/pass-otp): `-mfa-exec \"pass otp amazonaws.com\"`\n* [ykman](https://developers.yubico.com/yubikey-manager/): `-mfa-exec \"ykman oath code amazonaws.com | awk '{ print $NF }'\"`\n\n#### Example:\n\n```\n$ swamp -target-profile target -target-role admin -account [target-account-id] -mfa-device arn:aws:iam::[origin-account-id]:mfa/[userid] -mfa-exec \"pass otp amazonaws.com\"\nObtaining mfa token for: arn:aws:iam::[origin-account-id]:mfa/[userid]\nWrote session token for profile session-token\nToken is valid until: 2017-07-06 20:32:09 +0000 UTC\nWrote session token for profile target\nToken is valid until: 2017-07-06 08:31:10 +0000 UTC\n```\n\n### Renew\n\n`swamp` allows running in a loop to create a new profile for the target account before credentials expire.\nIt even works with enabled MFA thanks to the cached intermediate credentials.\n\n#### Example\n\n```\n$ swamp -target-profile target -target-role admin -account [target-account-id] -mfa-device arn:aws:iam::[origin-account-id]:mfa/[userid] -renew\nEnter mfa token for arn:aws:iam::[origin-account-id]:mfa/[userid]: XXXXXX\nWrote session token for profile session-token\nToken is valid until: 2017-07-06 20:32:09 +0000 UTC\nWrote session token for profile target\nToken is valid until: 2017-07-06 08:31:10 +0000 UTC\nSession token for profile session-token is still valid\nWrote session token for profile target\nToken is valid until: 2017-07-06 08:46:10 +0000 UTC\n...\n```\n\n### Set profile in environment\nTo get a shell with `AWS_PROFILE` properly set, just use the `-exec` flag and run the shell of your choice. Close the shell when done and you are back int the context before running swamp.\n\n#### Example\n```\n$ echo \"outer shell: '$AWS_PROFILE'\"\nouter shell: ''\n$ swamp -target-profile target -target-role admin -account [target-account-id] -mfa-device arn:aws:iam::[origin-account-id]:mfa/[userid] -exec bash\n$ echo \"inner shell: '$AWS_PROFILE'\"\ninner shell: 'target'\n$ exit\n$ echo \"outer shell: '$AWS_PROFILE'\"\nouter shell: ''\n```\n\n### Generating shell aliases\n`swamp` has a lot of command line options. It is strongly recommended to create some kind of aliases for running swamp more easily.\n`swamp -alias-config \u003cconfig.yaml\u003e` does exactly that:\n```\nswamp -alias-config example/config.yaml \u003e\u003e ~/.bashrc\n```\nThe output `example/bash_aliases.sh` file is generated from the example config `example/config.yaml`.\n\n\n## Install\n\n### General\nFetch the latest binary from https://github.com/felixb/swamp/releases.\nYou may install it from source by running `make install` optionally setting something like  `TARGET=/usr/local/bin/` to specify a different installation target.\n\n### macOS\nYou can install swamp on macOS using [brew](https://brew.sh/) with a third-party repository. Simply run `brew tap splieth/swamp` to add the repository and then `brew install swamp` to install the binary.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffelixb%2Fswamp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffelixb%2Fswamp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffelixb%2Fswamp/lists"}