https://github.com/errm/break-glass
break-glass is a simple tool to manage short lived AWS credentials
https://github.com/errm/break-glass
Last synced: 10 months ago
JSON representation
break-glass is a simple tool to manage short lived AWS credentials
- Host: GitHub
- URL: https://github.com/errm/break-glass
- Owner: errm
- License: mit
- Created: 2023-06-21T15:57:04.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2023-06-23T15:50:06.000Z (almost 3 years ago)
- Last Synced: 2025-04-01T07:38:26.657Z (about 1 year ago)
- Language: Go
- Homepage:
- Size: 22.5 KB
- Stars: 4
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# break-glass
break-glass is a simple tool to manage short lived AWS credentials.
It will assume roles (optionally) with MFA authentication and save those
temporary credentials to an AWS profile.
## Usage
break-glass is configured with an additional config file in the `~/.aws` directory
`~/.aws/break-glass`
e.g.
```ini
[admin]
aws_role_arn = arn:aws:iam::012345678901:role/Admin
aws_mfa_device = arn:aws:iam::012345678901:mfa/iphone
duration = 3600
[on-call]
aws_role_arn = arn:aws:iam::012345678901:role/OnCall
aws_mfa_device = arn:aws:iam::012345678901:mfa/iphone
duration = 3600
```
When `break-glass` is run, if a MFA device is configured it will request
a token, then temporary credentials for the named profile(s) will
be written to the `~/.aws/credentials` file.
If you have more than one profile in your `~/.aws/break-glass` credentials
will be created for all profiles in the file, unless you set the `--profiles` flag to
target only the profile(s) that you want credentials for!