{"id":22398805,"url":"https://github.com/schubergphilis/grawsp","last_synced_at":"2025-07-29T05:02:24.286Z","repository":{"id":242897705,"uuid":"810772452","full_name":"schubergphilis/grawsp","owner":"schubergphilis","description":"A command line application to assist engineers manage credentials in an AWS landing zone.","archived":false,"fork":false,"pushed_at":"2024-06-12T10:49:37.000Z","size":135,"stargazers_count":2,"open_issues_count":5,"forks_count":1,"subscribers_count":7,"default_branch":"main","last_synced_at":"2024-11-21T19:51:47.559Z","etag":null,"topics":["aws","cli","credentials","oidc","oidc-client","sso","sts","terminal","token","tool"],"latest_commit_sha":null,"homepage":"https://www.schubergphilis.com","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/schubergphilis.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-05T10:26:39.000Z","updated_at":"2024-07-13T14:17:28.000Z","dependencies_parsed_at":"2024-06-12T11:01:11.814Z","dependency_job_id":"7f8b2788-9f04-42e9-9857-5a26b5e865b1","html_url":"https://github.com/schubergphilis/grawsp","commit_stats":null,"previous_names":["schubergphilis/sbpaws","schubergphilis/grawsp"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schubergphilis%2Fgrawsp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schubergphilis%2Fgrawsp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schubergphilis%2Fgrawsp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/schubergphilis%2Fgrawsp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/schubergphilis","download_url":"https://codeload.github.com/schubergphilis/grawsp/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":228249352,"owners_count":17891461,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","cli","credentials","oidc","oidc-client","sso","sts","terminal","token","tool"],"created_at":"2024-12-05T07:12:16.201Z","updated_at":"2024-12-05T07:12:16.877Z","avatar_url":"https://github.com/schubergphilis.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Release Status](https://github.com/schubergphilis/grawsp/actions/workflows/pipeline.yml/badge.svg)](https://github.com/schubergphilis/grawsp/actions/workflows/pipeline.yml)\n\n# grawsp\n\nA command line application to assist engineers manage credentials in an AWS landing\nzone.\n\n- SSO-OIDC client\n- Assume SSO enabled roles\n- Use intermediary roles to assume others, when the role is not SSO enabled\n- Manage credentials on multiple landing zones (realms)\n- Export access credentials to your local AWS cli configuration file\n- View which credentials are valid or expired\n- Open AWS consoles from the command line (*)\n- Get credentials for multiple accounts as a specific role\n- Locally cache credentials\n\n(*) Currently only Firefox is supported\n\n## Requirements\n\n- Linux or macOS (*)\n- Python 3.10+\n\n(*) Windows support only through WSL\n\n## Installing\n\nYou can install it like any other Python package hosted in PyPi:\n\n```bash\npip install grawsp\n```\n\n... or using `pipx`:\n\n```bash\npipx install grawsp\n```\n\n... or using [Homebrew](https://brew.sh/):\n\n```bash\nbrew tap schubergphilis/tap\nbrew install grawsp\n```\n\nMake sure you have the `~/.local/bin` directory in your `$PATH` and that should be\nenough for you to be able to use `grawsp`.\n\n## Getting Started\n\n### Configuration\n\nThe path to the configuration file is `~/.config/grawsp/grawsp.conf` and here is what\nthe contents of the file could be:\n\n```text\n[user]\nemail = your-email@your-company.com\nname = Your Name\n\n[aws]\ndefault_realm = my-landingzone-1\ndefault_region = eu-central-1\n\n[my-landingzone-1]\ndefault_role = MyReadOnlyRole\nstart_url = https://d-1111111111.awsapps.com/start/\n\n[my-landingzone-2]\ndefault_role = MyAdminRole\nstart_url = https://d-2222222222.awsapps.com/start/\n\n[general]\nfirefox_path = /Applications/Firefox.app/Contents/MacOS/firefox\n```\n\n### Quickstart\n\nFirst you need to register your device and authenticate yourself:\n\n```bash\ngrawsp auth # will open your default browser to follow the SSO-OIDC process\n```\n\nThen you need to synchronise the list of AWS accounts available to you:\n\n```bash\ngrawsp sync\ngrawsp list accounts\n```\n\nNow you can also get credentials for a role in an account:\n\n```bash\ngrawsp auth 012345678910\ngrawsp auth my-account-dev\ngrawsp auth \"my.*-dev\"\ngrawsp auth --role ReadOnly \"my.*-dev\"\ngrawsp auth --role Admin --from-role Operator \"my.*-dev\"\ngrawsp list creds\n```\n\nIf you need to open the web console(*):\n\n```bash\ngrawsp open-console \"my.*-dev\"\ngrawsp open-console --role AdminRole --region ap-south-2 my-account-dev\n```\n\nIf you want to export your credentials to use in the [AWS Command Line Interface](https://aws.amazon.com/cli/):\n\n```bash\ngrawsp export --default-account my-account-dev --default-role ReadOnly\n```\n\n(*) This will use Firefox and not your default browser\n\n### We need to talk about Firefox\n\nFirefox is the only browser which allows us to isolate multiple tabs for the same\nwebsite. If you also install [this extension](https://addons.mozilla.org/en-US/firefox/addon/open-url-in-container/),\nthen `grawsp` will be able to open the AWS web console for multiple accounts in the same\nbrowser window.\n\nUnfortunately we could not replicate the same feature in other browsers. We are still\nresearching what would be the best experience for our users.\n\n## Contributing\n\nThis projects makes use of the [devcontainer](https://containers.dev/) standard, so\nif you want to contribute just open the project in a editor or IDE which supports\ndevelopment containers, like [Visual Studio Code](https://code.visualstudio.com/docs/devcontainers/containers)\nand your environment will be properly setup.\n\nIf you don't want to use an external development container, you will need the following\ndependencies to be installed and configured, refer to each dependency documentation to\nunderstand how to install and configure them.\n\n- Python 3.10+\n- Poetry\n- make\n- direnv\n\nFeel free then to fork the project and create a pull request to it once the change is\ncompleted. The project will run the pipeline automatically on all pull requests.\n\nThe project uses `make` and the tool to drive all project related tasks:\n\n| Job     | Description                                               |\n| ------- | --------------------------------------------------------- |\n| all     | Runs lint, scan, build and test jobs                      |\n| build   | Build a package and store it in `dist/` dir               |\n| clean   | Clean build and temporary files                           |\n| env     | Reloads `.envrc`                                          |\n| lint    | Runs `ruff` against the source code                       |\n| release | Publish the package to PyPi                               |\n| scan    | Uses `bandit` to scan the code for common security issues |\n| test    | Run the application tests                                 |\n\n## License\n\n```text\nLicensed under the Apache License, Version 2.0 (the \"License\"); you may not use this\nfile except in compliance with the License. You may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software distributed under\nthe License is distributed on an \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\nKIND, either express or implied. See the License for the specific language governing\npermissions and limitations under the License.\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fschubergphilis%2Fgrawsp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fschubergphilis%2Fgrawsp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fschubergphilis%2Fgrawsp/lists"}