https://github.com/sam701/awstools

A few helpful AWS tools written in Go
https://github.com/sam701/awstools

aws awstools cli golang linux osx

Last synced: 6 months ago
JSON representation

A few helpful AWS tools written in Go

• Host: GitHub
• URL: https://github.com/sam701/awstools
• Owner: sam701
• License: mit
• Created: 2016-04-29T14:03:20.000Z (almost 10 years ago)
• Default Branch: master
• Last Pushed: 2020-01-26T18:07:13.000Z (about 6 years ago)
• Last Synced: 2025-07-01T04:38:39.836Z (9 months ago)
• Topics: aws, awstools, cli, golang, linux, osx
• Language: Go
• Homepage:
• Size: 91.8 KB
• Stars: 68
• Watchers: 5
• Forks: 9
• Open Issues: 6
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.md

Awesome Lists containing this project

README

          
# awstools

[![Build Status](https://travis-ci.org/sam701/awstools.svg?branch=master)](https://travis-ci.org/sam701/awstools) A few helpful AWS tools.

```

NAME:

   awstools - AWS tools

USAGE:

   awstools [global options] command [command options] [arguments...]

VERSION:

   0.13.2

COMMANDS:

     assume                      assume role on a specified account

     accounts                    print known accounts

     ec2                         print EC2 instances and ELBs

     cloudformation, cf          print CloudFormation stacks information

     rotate-main-account-key, r  create a new access key for main account and delete the current one

     dynamodb, ddb               dynamodb commands

     kms                         encrypt/decrypt text

     kinesis                     print records from kinesis streams

     cloudwatch, cw              search in cloudwatch logs

     help, h                     Shows a list of commands or help for one command

GLOBAL OPTIONS:

   --config value, -c value  path to config.toml file (default: ~/.config/awstools/config.toml)

   --no-color                turn off color output

   --help, -h                show help

   --version, -v             print the version

```

## Note

Consider also [awscredx](https://github.com/sam701/awscredx) if you are mostly interested in role assumption.

## Install

[We provide binaries for all releases through GitHub](https://github.com/sam701/awstools/releases). The latest release is [0.13.2](https://github.com/sam701/awstools/releases/latest).

To install `awstools` choose the binary for your architecture (either OSX or Linux), run a download and use `chmod` to make it executable.

### OSX

On Mac you can use Homebrew to install the binary:

```sh

$ brew tap sam701/awstools

$ brew install awstools

```

### Linux

```sh

$ curl -o awstools -SsL https://github.com/sam701/awstools/releases/download/0.13.2/awstools_linux_amd64

$ chmod +x awstools

```

## Build

Export reqired environment variables:

```sh

export GOPATH=$HOME/goprojects

export PATH=$PATH:$GOPATH/bin

```

Install `awstools`:

```sh

go get -u github.com/sam701/awstools

```

## Configuration

The default path to the configuration file is `$HOME/.config/awstools/config.toml`.

Here is an example of a `config.toml`:

```toml

defaultRegion = "eu-west-1"

defaultKmsKey = "arn:aws:kms:eu-west-1:000000000001:key/00000000-1111-1111-2222-333333333333"

# Rotate the main account access key every week

keyRotationIntervalMinutes = 10080

# Reuse current credentials, if they are valid for at least 10 minutes.

reuseCredentialsIfValidForMinutes = 10

[profiles]

mainAccount = "main_account"

mainAccountMfaSession = "main_account_mfa_session"

[accounts]

main = "000000000001"

dev = "000000000002"

prod = "000000000003"

```

* `profiles` section contains profile names that will be saved in `$HOME/.aws/credentials`.

* `accounts` section contains account ids and its names.

Add to your `.bash_profile`

```sh

aws_assume(){

	tmpFile=/tmp/assume.tmp

	awstools assume --export $tmpFile --export-profile $@ && source $tmpFile

	rm $tmpFile

}

```

or to your `~/.config/fish/config.fish`

```sh

function aws_assume

	set tmp /tmp/aws_assume.tmp

	awstools assume --export $tmp --export-profile $argv; and source $tmp

	rm $tmp

end

```

`--export-profile` flag tells `awstools` to print only `AWS_PROFILE` instead of printing `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN` variables.

This will become the default behavior later.

Now in order to assume a role on a subaccount, you can run something like this

```sh

aws_assume AccountName MyRoleOnSubAccount

```

### Required IAM permissions

#### AssumeRole

For assuming a role in another account `awstools` needs the following permissions:

- `iam:GetUser`

- `iam:ListAccessKeys`

*Note: `awstools` is using the MFA authenticated sessions for operations on your AWS access key.*

#### Access Key Rotation

For rotating access keys on the relevant account `awstools` needs the following permissions:

- `iam:GetUser`

- `iam:CreateAccessKey`

- `iam:DeleteAccessKey`

- `iam:ListAccessKeys`

- `iam:UpdateAccessKey`

*Note: `awstools` is using the MFA authenticated sessions for operations on your AWS access key.*

# License

This project is licensed under the MIT license. You can find a copy of the license at the top level of the repository.