{"id":34066051,"url":"https://github.com/mvallim/aws-gen-cli","last_synced_at":"2025-12-14T06:10:22.609Z","repository":{"id":57413229,"uuid":"156155227","full_name":"mvallim/aws-gen-cli","owner":"mvallim","description":"awsgen is the software that manage AWS Security Token Service (STS) and enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users).","archived":false,"fork":false,"pushed_at":"2019-05-05T23:22:51.000Z","size":114,"stargazers_count":8,"open_issues_count":0,"forks_count":0,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-08-30T14:37:03.251Z","etag":null,"topics":["aws","aws-cli","aws-profile","aws-sts","manager","profile","sts","temporary-credentials"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mvallim.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-11-05T03:26:04.000Z","updated_at":"2022-03-09T14:27:36.000Z","dependencies_parsed_at":"2022-09-07T05:30:56.027Z","dependency_job_id":null,"html_url":"https://github.com/mvallim/aws-gen-cli","commit_stats":null,"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/mvallim/aws-gen-cli","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mvallim%2Faws-gen-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mvallim%2Faws-gen-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mvallim%2Faws-gen-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mvallim%2Faws-gen-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mvallim","download_url":"https://codeload.github.com/mvallim/aws-gen-cli/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mvallim%2Faws-gen-cli/sbom","scorecard":{"id":669105,"data":{"date":"2025-08-11","repo":{"name":"github.com/mvallim/aws-gen-cli","commit":"45fdb4c014e3581912ecb5fc3eda59847b7bb5cc"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.5,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: BSD 3-Clause \"New\" or \"Revised\" License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}}]},"last_synced_at":"2025-08-21T19:19:30.474Z","repository_id":57413229,"created_at":"2025-08-21T19:19:30.474Z","updated_at":"2025-08-21T19:19:30.474Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":27719223,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-14T02:00:11.348Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-cli","aws-profile","aws-sts","manager","profile","sts","temporary-credentials"],"created_at":"2025-12-14T06:10:21.393Z","updated_at":"2025-12-14T06:10:22.599Z","avatar_url":"https://github.com/mvallim.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# awsgen\n\n[![build status](https://img.shields.io/travis/mvallim/aws-gen-cli.svg)](https://travis-ci.org/mvallim/aws-gen-cli/builds) \n![PyPI](https://img.shields.io/pypi/v/awsgen.svg) \n![PyPI - Downloads](https://img.shields.io/pypi/dm/awsgen.svg)\n\n\nawsgen is the software that manage AWS Security Token Service (STS) and enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users).\nFor more detailed information about using this service, go to [Temporary Security Credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) or take a look in [cf-security-accounts.json](cf-security-accounts.json)\n\n![Schema](schema.png)\n\n## Getting Started\n\nThese instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.\n\n### Prerequisites\n\nYou will need to have python and pip installed on your machine.\n\n#### On Linux (Debian/Ubuntu)\n\n```\n$ sudo apt-get install python python-pip -y\n```\nRight after having it installed you'll need to get aws-cli and aws-gen.\n\n```\n$ sudo pip install awscli awsgen --upgrade --no-cache-dir\n```\n\n#### On Windows\n\nTo install python go to [Python.org](https://www.python.org/downloads/windows/)\n\nRight after having it installed you'll need to get aws-cli and aws-gen.\n\n```\n\u003e pip install awscli awsgen --upgrade --no-cache-dir\n```\n\n#### On MacOS (under construction)\n\nPlease add instructions here\n\n## Installing\n\nFirst you need to create an account with aws (please go to [Amazon Website](https://aws.amazon.com/))\n\nGo to the terminal and create a new AWS profile using the following command:\n\n```\n$ aws-gen configure \\\n            --account AWS_ACCOUNT \\\n            --trust-role-arn TRUSTROLEARN \\\n            --access-key-id AWS_ACCESS_KEY_ID \\\n            --secret-access-key AWS_SECRET_ACCESS_KEY\n```\n\n##### Parameters:\n* __`AWS_ACCOUNT`__: stands for the main name of your project or brand, i.e. __brand-project__ or __littleBanana-tree__. This is important because it will link with your profile later.\n* __`TRUSTROLEARN`__: Role you need to create with a Superadmin user allowing you do whatever you need. This role will give the properly permissions to run builds, create/update/delete cloudformation, create new services on AWS, etc.\n* __`AWS_ACCESS_KEY_ID`__: stands for the access key you will get once you create a user.\n* __`AWS_SECRET_ACCESS_KEY`__: stands for the secret key you will have once you create your user.\n\nAfter configuring it, you need to create a profile:\n\n```\n$ aws-gen create-profile \\\n            --account AWS_ACCOUNT \\\n            --profile AWS_PROFILE \\\n            --region-name AWS_REGION \\\n            --output AWS_OUTPUT\n```\n\n##### Parameters:\n* __`AWS_REGION`__: stands for the region you mostly use on your account, where your infrastructure relies.\n* __`AWS_OUTPUT`__: We usually use JSON as output format, but there are other options you can explore.\n* __`AWS_PROFILE`__: stands for the profile name you want to use. It is important to keep the things organized, so we would recomend to name it follwing the standard __username__@`AWS_ACCOUNT`, i.e. __aboscatto@brand-project__ or __danielpn@littleBanana-tree__.\n\n## Using\n\n### Generating an authenticaded AWS console link\n\nIf you need to access the AWS Console using the `TRUSTROLEARN` role, please do the following:\n\n```\n$ aws-gen get-link --account AWS_ACCOUNT --profile AWS_PROFILE\n```\n##### Parameters:\n* __`AWS_ACCOUNT`__: stands for the main name of your project or brand, i.e. __brand-project__ or __littleBanana-tree__. This is important because it will link with your profile later.\n* __`AWS_PROFILE`__: stands for the profile name you want to use. It is important to keep the things organized, so we would recomend to name it follwing the standard __username__@`AWS_ACCOUNT`, i.e. __aboscatto@brand-project__ or __danielpn@littleBanana-tree__.\n\n\n### Generating temporary AWS Access key\n\nIf you need to access the AWS using access key over the `TRUSTROLEARN` role, please do the following:\n\n```\n$ aws-gen get-key --account AWS_ACCOUNT --profile AWS_PROFILE\n```\n##### Parameters:\n* __`AWS_ACCOUNT`__: stands for the main name of your project or brand, i.e. __brand-project__ or __littleBanana-tree__. This is important because it will link with your profile later.\n* __`AWS_PROFILE`__: stands for the profile name you want to use. It is important to keep the things organized, so we would recomend to name it follwing the standard __username__@`AWS_ACCOUNT`, i.e. __aboscatto@brand-project__ or __danielpn@littleBanana-tree__.\n\n##### Output:\n* __`AWS_ACCESS_KEY_ID`__: The access key ID that identifies the temporary security credentials.\n* __`AWS_SECRET_ACCESS_KEY`__: The secret access key that can be used to sign requests.\n* __`AWS_SESSION_TOKEN`__: The token that users must pass to the service API to use the temporary credentials.\n\n\n### Setting active profile\n\nIf you need active profile default, please do the following:\n\n```\n$ aws-gen set-active-profile --profile AWS_PROFILE\n```\n##### Parameters:\n* __`AWS_PROFILE`__: stands for the profile name you want to use. It is important to keep the things organized, so we would recomend to name it follwing the standard __username__@`AWS_ACCOUNT`, i.e. __aboscatto@brand-project__ or __danielpn@littleBanana-tree__.\n\n### Getting active profile\n\nIf you need get active profile, please do the following:\n\n```\n$ aws-gen get-active-profile\n```\n\n### Listing profiles\n\nIf you need list profiles, please do the following:\n\n```\n$ aws-gen list-profiles\n```\n\n### Deploying with Serverless\n\nDoing the deploy with Serverless should be pretty simple and you need to use the --aws-profile parameter\n\n```\n$ sls deploy --aws-profile AWS_PROFILE\n```\n### Using aws cli\n\nDoing the use with aws cli should be pretty simple and you need to use the --profile parameter\n\n```\n$ aws s3 ls --profile AWS_PROFILE\n```\n\n### Step-by-step example\n\nHere is an example of how it should look like during the installing:\n```\n$ sudo apt-get install python python-pip -y\n```\n```\n$ sudo pip install awscli awsgen --upgrade --no-cache-dir\n```\n```\n$ aws-gen configure \\\n            --account brand-project \\\n            --trust-role-arn arn:aws:iam::123456789123:role/AWSTrustUserRole \\\n            --access-key-id AK***************KQ \\\n            --secret-access-key Y*********************0*******P*******S\n```\n```\n$ aws-gen create-profile \\\n            --account brand-project \\\n            --profile aboscatto@brand-project \\\n            --region-name us-west-2 \\\n            --output json\n```\n\n## Contributing\n\nPlease read [CONTRIBUTING.md](CONTRIBUTING.md) for details on our code of conduct, and the process for submitting pull requests to us.\n\n## Versioning\n\nWe use [GitHub](https://github.com/mvallim/aws-gen-cli) for versioning. For the versions available, see the [tags on this repository](https://github.com/mvallim/aws-gen-cli/tags). \n\n## Authors\n\n* **Marcos Vallim** - *Initial work, Test, Documentation* - [mvallim](https://github.com/mvallim)\n* **André Boscatto** - *Validation use, Test, Documentation* - [andreboscatto](https://github.com/andreboscatto)\n* **Kalianne Rosa** - *Validation use, Test* - [kaliannerosa](https://github.com/KalianneRosa)\n* **Daniel Nunes** - *Validation use, Test* - [daspn](https://github.com/daspn)\n\nSee also the list of [contributors](CONTRIBUTORS.txt) who participated in this project.\n\n## License\n\nThis project is licensed under the BSD License - see the [LICENSE](LICENSE) file for details\n\n## Acknowledgments (under construction)\n\n* Hat tip to anyone whose code was used\n* Inspiration\n* etc\n\n## Code of Conduct\n\nEveryone interacting in the awsgen project's codebases, issue trackers, chat rooms, and mailing lists is expected to follow the `PyPA Code of Conduct`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmvallim%2Faws-gen-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmvallim%2Faws-gen-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmvallim%2Faws-gen-cli/lists"}