https://github.com/strongjz/ghosts
Manage multiple AWS STS creds
https://github.com/strongjz/ghosts
aws sts
Last synced: 2 months ago
JSON representation
Manage multiple AWS STS creds
- Host: GitHub
- URL: https://github.com/strongjz/ghosts
- Owner: strongjz
- License: mit
- Created: 2017-06-02T18:36:32.000Z (about 9 years ago)
- Default Branch: master
- Last Pushed: 2017-09-25T16:17:38.000Z (almost 9 years ago)
- Last Synced: 2026-01-12T22:43:33.838Z (6 months ago)
- Topics: aws, sts
- Language: Go
- Homepage:
- Size: 10.7 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
[](https://goreportcard.com/report/github.com/strongjz/ghosts)
# ghosts
Ghosts - Go implementation that will help manage multiple STS credentials for shared AWS accounts
-profile will write the the temporary credentails to the defaul ~/.aws/credentials profile name in the option
Leaving -profile blank will make GHOSTS print the export varables so that they can be set as environment variables
### Ghost CLI options
ghosts --help
Usage of ghosts:
-arn string Role ARN
-base string base profile assuming (default "default")
-config string Config file that contains assume role information
-debug debug output
-duration int number of seconds credentials will last (default 900)
-mfa indicates if a mfa is need for this role
-name string name of the session (default "sts-session")
-profile string profile to write credentials out too
-serial string MFA serial number, arn:aws:iam::123456789012:mfa/user
-token string MFA token value
### Using a Config file
GHOSTS will parse the file provided in the --config option and set the flags for
-arn
-base
-serial
-profile
Config File Syntax
~~~YAML
[profile1]
base="base1"
role="arn:aws:iam::[ACCOUNT_NUMBER]:role/[ROLENAME]"
profile="[PROFILE_TO_UPDATE]"
mfa_serial="arn:aws:iam::[ACCOUNT_NUMBER]:mfa/[IAM_USERNAME]"
[profile2]
base="base1"
role="arn:aws:iam::[ACCOUNT_NUMBER]:role/[ROLENAME]"
profile="[PROFILE_TO_UPDATE]"
mfa_serial="arn:aws:iam::[ACCOUNT_NUMBER]:mfa/[IAM_USERNAME]"
~~~
Go STS overview
https://docs.aws.amazon.com/sdk-for-go/api/service/sts/#pkg-overview
Inspired by
https://github.com/wernerb/aws-adfs/blob/master/aws-adfs.go