Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/zzdjk6/assume-role.js

Assume role cli tool implemented in node.js
https://github.com/zzdjk6/assume-role.js

Last synced: 8 days ago
JSON representation

Assume role cli tool implemented in node.js

Awesome Lists containing this project

README 

        
# assume-role-js



A simple CLI tool to assume AWS IAM role, written in TypeScript.



This project aims at a drop-in replacement of the most common and basic use cases of https://github.com/uber/assume-role-cli, which has not been updated for years and people keep complaining about some critical issues (such as [not usable on windows](https://github.com/uber/assume-role-cli/issues/20)).



## System requirements



- Node.js v16

- AWS CLI v2



Also, please make sure that you have used `aws configure` to set up the basic IAM user credentials as your `default` profile.

See https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-config for more details.



## Install



Run the command below to install:



```shell

npm install -g assume-role-js

```



## Features



### Run commands inline with assumed role



```shell

assume-role-js --role arn:aws:iam::123456789:role/developer aws s3 ls

```



This line will assume the `arn:aws:iam::123456789:role/developer` role and use it to run `aws s3 ls`, without polluting your CLI system environment variables.



> Note: same feature exists on https://github.com/uber/assume-role-cli



### Print out the system environment variables needed by AWS CLI to run as assumed-role



```shell

assume-role-js --role arn:aws:iam::123456789:role/developer

```



Without inline AWS command, it will just print the system environment variables.



Output example:



```

AWS_ACCESS_KEY_ID=xxxx

AWS_SECRET_ACCESS_KEY=xxxx

AWS_SESSION_TOKEN=xxxx

```



> Note: same feature exists on https://github.com/uber/assume-role-cli



### Cache credentials



You may need to run multiple commands with assumed role, and it is tedious to enter the MFA token code every time.



We got you covered by caching credentials and expiration time via [AWS Named Profile](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html) without the need to re-assume role every time.



The profile name is automatically generated by the role arn.



For example, role arn `arn:aws:iam::123456:role/developer` will generate profile name as `123456-developer`.



> Note: same feature exists on https://github.com/uber/assume-role-cli



### Autodetect and use MFA device



This feature requires the IAM user has `iam:GetUser` and `iam:ListMFADevices` permission.



Example policy to attach is:



```json

{

  "Version": "2012-10-17",

  "Statement": [

    {

      "Effect": "Allow",

      "Action": [

        "iam:GetUser",

        "iam:ListMFADevices"

      ],

      "Resource": "arn:aws:iam:::user/${aws:username}"

    }

  ]

}

```



See https://github.com/uber/assume-role-cli#getting-started for more details



> Note: same feature exists on https://github.com/uber/assume-role-cli



## Development



If you would like to make changes to this tool, simply clone the repo.



### Install dependencies



```shell

yarn

```



### Compile and bundle the runnable



```shell

yarn build

```



### Hot link the runnable to system



```shell

npm link

```



### Run development build



```shell

yarn start --role arn:aws:iam::123456789:role/developer



yarn start --role arn:aws:iam::123456789:role/developer aws s3 ls

```



## Troubleshooting



### Getting error of "cannot be loaded because running scripts is disabled on this system"



This might happen when trying to run the script under PowerShell due to the execution policy.



Solution:



```shell

powershell -ExecutionPolicy Bypass

```