# aws fusion
Unified CLI tool for streamlined AWS operations, enhancing developer productivity
[![Tag][tag-badge]][tag]
[![Publish][actions-workflow-publish-badge]][actions-workflow-publish]
## Installation
Install via pip install
```shell
pip install aws-fusion
```
## Command line tool
To invoke the cli, there are 2 option
1. Directly use `aws-fusion` command
2. Use it via [aws cli alias](https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-alias.html) with `aws fusion`
## Usage
```commandline
usage: aws-fusion [<flags>] <command> ...
Unified CLI tool for streamlined AWS operations, enhancing developer productivity
Flags:
-h, --help show this help message and exit
-v, --version Display the version of this tool
--debug Turn on debug logging
Command:
init [<flags>]
Initialize fusion app with creation of aws fusion alias.
open-browser [<flags>] [<args>]
Open a web browser for graphical access to the AWS Console.
-p, --profile PROFILE The AWS profile to create the pre-signed URL with
-r, --region REGION The AWS Region to send the request to
--clip Don't open the web browser, but copy the signin URL to clipboard
--stdout Don't open the web browser, but echo the signin URL to stdout
iam-user-credentials [<flags>] <sub-command>
IAM User credential helper.
iam-user-credentials get [<flags>] [<args>]
Retrieve IAM user credentials for AWS CLI profiles or application authentication.
--access-key ACCESS_KEY AWS access key
--account-id ACCOUNT_ID AWS Account ID for the name
--username USERNAME Username of a AWS user associated with the access key for the name
--credential-process Output the credential in AWS credential process syntax
iam-user-credentials store [<flags>] [<args>]
Store IAM user access key and secret key securely for streamlined authentication.
--access-key ACCESS_KEY AWS access key
--account-id ACCOUNT_ID AWS Account ID for the name
--username USERNAME Username of a AWS user associated with the access key for the name
--secret-key SECRET_KEY AWS secret key
okta [<flags>] <sub-command>
Generate AWS session credentials from Okta.
okta device-auth [<flags>] [<args>]
Generate AWS session credentials using SAML assertion from Okta device authentication.
--org-domain ORG_DOMAIN Full domain hostname of the Okta org e.g. example.okta.com
--oidc-client-id OIDC_CLIENT_ID The ID is the identifier of the client is Okta app acting as the IdP for AWS
--aws-acct-fed-app-id AWS_ACCT_FED_APP_ID The ID for the AWS Account Federation integration app
--aws-iam-role AWS_IAM_ROLE The AWS IAM Role ARN to assume
--credential-process Output the credential in AWS credential process syntax
config-switch [<flags>] <sub-command>
Switching between AWS config.
config-switch profile [<flags>]
Switch between available aws profile.
config-switch region [<flags>]
Switch between available aws region.
```
---
## Use case of `open-browser`
This only works with assume-role and federated-login, doesn't work with IAM user or user session.
#### IAM assume role
Profiles that use IAM roles pull credentials from another profile, and then apply IAM role permissions.
In the following examples, `iam-user` is the source profile for credentials and `iam-assume-role` borrows the same credentials then assumes a new role.
**Credentials file**
```
[profile iam-user]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
```
**Config file**
```
[profile iam-user]
region = us-east-1
output = json
[profile iam-assume-role]
source_profile = iam-user
role_arn = arn:aws:iam::777788889999:role/user-role
role_session_name = my-session
region = ap-south-1
output = json
```
#### Federated login
Using IAM Identity Center, you can log in to Active Directory, a built-in IAM Identity Center directory, or another IdP connected to IAM Identity Center. You can map these credentials to an AWS Identity and Access Management (IAM) role for you to run AWS CLI commands.
In the following examples, using `aws-sso` profile assumes `sso-read-only-role` on `111122223333` account.
**Config file**
```
[profile aws-sso]
sso_session = my-sso-session
sso_account_id = 111122223333
sso_role_name = sso-read-only-role
role_session_name = my-session
region = us-east-1
output = json
[sso-session my-sso-session]
sso_region = us-east-2
sso_start_url = https://my-sso-portal.awsapps.com/start
sso_registration_scopes = sso:account:access
```
### Refer
The docs
- https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
- https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
---
## Usa case of `iam-user-credentials store`
To store IAM user credential in the system credential store for best security rather than plain text `~/.aws/credentials` file.
Manually the save the credential in the store using
```bash
aws-fusion iam-user-credentials store \
--access-key 'AKIAIOSFODNN7EXAMPLE' \
--secret-key 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY' \
--account-id '123456789012' \
--username 'my-iam-user'
```
---
## Use case of `iam-user-credentials get`
Configure aws config file to use credential process
**Config file**
```
[profile iam-user]
region = us-east-1
output = json
credential_process = aws-fusion iam-user-credentials get --account-id 123456789012 --username 'my-iam-user' --access-key 'AKIAIOSFODNN7EXAMPLE' --credential-process
```
### Refer
The docs
- https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html
---
## Use case of `okta device-auth`
Configure aws config file to use credential process
**Config file**
```
[profile iam-user]
region = us-east-1
output = json
credential_process = aws-fusion okta device-auth --org-domain my.okta.com --oidc-client-id 0pbs4fq1q2vbGoFkC1m7 --aws-acct-fed-app-id 0oa8z9xa8BS9b2AFb1t7 --aws-iam-role arn:aws:iam::123456789012:role/PowerUsers --credential-process
```
---
## Use case of `config-switch`
A special of utility script to help easily switch `profile` and `region`
This works with 2 bash script, namely `_awsp` and `_awsr`
> _Using the command without the bash script will have no effect_
Post installing the app, create 2 aliases in `.bashrc` or `.zshrc` file.
```shell
## aws fusion setup
alias awsp="source _awsp"
alias awsr="source _awsr"
```
<img src="https://raw.githubusercontent.com/snigdhasjg/aws-fusion/main/doc/images/config-switch.png" width="300" alt="config-switch-image"/>
---
## License
This project is licensed under the MIT License - see the [LICENSE](./LICENSE) file for details.
<!-- badge links -->
[tag]: https://github.com/snigdhasjg/aws-fusion/tags
[tag-badge]: https://img.shields.io/github/v/tag/snigdhasjg/aws-fusion?style=for-the-badge&logo=github
[actions-workflow-publish]: https://github.com/snigdhasjg/aws-fusion/actions/workflows/publish.yml
[actions-workflow-publish-badge]: https://img.shields.io/github/actions/workflow/status/snigdhasjg/aws-fusion/publish.yml?branch=main&label=Publish&style=for-the-badge&logo=githubactions
Raw data
{
"_id": null,
"home_page": "https://github.com/snigdhasjg/aws-fusion",
"name": "aws-fusion",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "aws,aws-sdk,aws-cli,aws-authentication,aws-sdk-python,aws-auth",
"author": "Snigdhajyoti Ghosh",
"author_email": "snigdhajyotighos.h@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/54/0b/8ad15fdb610ecd0e720ef517541a7cafd1b93098ca5eb51951436e4fea78/aws-fusion-1.6.1.tar.gz",
"platform": null,
"description": "# aws fusion\nUnified CLI tool for streamlined AWS operations, enhancing developer productivity\n\n[![Tag][tag-badge]][tag]\n[![Publish][actions-workflow-publish-badge]][actions-workflow-publish]\n\n## Installation\nInstall via pip install\n\n```shell\npip install aws-fusion\n```\n\n## Command line tool\nTo invoke the cli, there are 2 option\n1. Directly use `aws-fusion` command\n2. Use it via [aws cli alias](https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-alias.html) with `aws fusion`\n\n## Usage\n\n```commandline\nusage: aws-fusion [<flags>] <command> ...\n\nUnified CLI tool for streamlined AWS operations, enhancing developer productivity\n\nFlags:\n -h, --help show this help message and exit\n -v, --version Display the version of this tool\n --debug Turn on debug logging\n\nCommand:\n init [<flags>]\n Initialize fusion app with creation of aws fusion alias.\n \n open-browser [<flags>] [<args>]\n Open a web browser for graphical access to the AWS Console.\n \n -p, --profile PROFILE The AWS profile to create the pre-signed URL with\n -r, --region REGION The AWS Region to send the request to\n --clip Don't open the web browser, but copy the signin URL to clipboard\n --stdout Don't open the web browser, but echo the signin URL to stdout\n \n iam-user-credentials [<flags>] <sub-command>\n IAM User credential helper.\n\n iam-user-credentials get [<flags>] [<args>]\n Retrieve IAM user credentials for AWS CLI profiles or application authentication.\n \n --access-key ACCESS_KEY AWS access key\n --account-id ACCOUNT_ID AWS Account ID for the name\n --username USERNAME Username of a AWS user associated with the access key for the name\n --credential-process Output the credential in AWS credential process syntax\n\n iam-user-credentials store [<flags>] [<args>]\n Store IAM user access key and secret key securely for streamlined authentication.\n \n --access-key ACCESS_KEY AWS access key\n --account-id ACCOUNT_ID AWS Account ID for the name\n --username USERNAME Username of a AWS user associated with the access key for the name\n --secret-key SECRET_KEY AWS secret key\n \n okta [<flags>] <sub-command>\n Generate AWS session credentials from Okta.\n \n okta device-auth [<flags>] [<args>]\n Generate AWS session credentials using SAML assertion from Okta device authentication.\n\n --org-domain ORG_DOMAIN Full domain hostname of the Okta org e.g. example.okta.com\n --oidc-client-id OIDC_CLIENT_ID The ID is the identifier of the client is Okta app acting as the IdP for AWS\n --aws-acct-fed-app-id AWS_ACCT_FED_APP_ID The ID for the AWS Account Federation integration app\n --aws-iam-role AWS_IAM_ROLE The AWS IAM Role ARN to assume\n --credential-process Output the credential in AWS credential process syntax\n\n config-switch [<flags>] <sub-command>\n Switching between AWS config.\n \n config-switch profile [<flags>]\n Switch between available aws profile.\n \n config-switch region [<flags>]\n Switch between available aws region.\n```\n\n---\n## Use case of `open-browser`\nThis only works with assume-role and federated-login, doesn't work with IAM user or user session.\n\n#### IAM assume role\nProfiles that use IAM roles pull credentials from another profile, and then apply IAM role permissions. \n\nIn the following examples, `iam-user` is the source profile for credentials and `iam-assume-role` borrows the same credentials then assumes a new role.\n\n**Credentials file**\n```\n[profile iam-user]\naws_access_key_id=AKIAIOSFODNN7EXAMPLE\naws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n```\n\n**Config file**\n```\n[profile iam-user]\nregion = us-east-1\noutput = json\n\n[profile iam-assume-role]\nsource_profile = iam-user\nrole_arn = arn:aws:iam::777788889999:role/user-role\nrole_session_name = my-session\nregion = ap-south-1\noutput = json\n```\n\n#### Federated login\nUsing IAM Identity Center, you can log in to Active Directory, a built-in IAM Identity Center directory, or another IdP connected to IAM Identity Center. You can map these credentials to an AWS Identity and Access Management (IAM) role for you to run AWS CLI commands.\n\nIn the following examples, using `aws-sso` profile assumes `sso-read-only-role` on `111122223333` account.\n\n**Config file**\n```\n[profile aws-sso]\nsso_session = my-sso-session\nsso_account_id = 111122223333\nsso_role_name = sso-read-only-role\nrole_session_name = my-session\nregion = us-east-1\noutput = json\n\n[sso-session my-sso-session]\nsso_region = us-east-2\nsso_start_url = https://my-sso-portal.awsapps.com/start\nsso_registration_scopes = sso:account:access\n```\n\n### Refer\nThe docs\n- https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html\n- https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html\n\n---\n## Usa case of `iam-user-credentials store`\nTo store IAM user credential in the system credential store for best security rather than plain text `~/.aws/credentials` file.\n\nManually the save the credential in the store using\n```bash\naws-fusion iam-user-credentials store \\\n --access-key 'AKIAIOSFODNN7EXAMPLE' \\\n --secret-key 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY' \\\n --account-id '123456789012' \\\n --username 'my-iam-user'\n```\n\n---\n## Use case of `iam-user-credentials get`\nConfigure aws config file to use credential process\n\n**Config file**\n```\n[profile iam-user]\nregion = us-east-1\noutput = json\ncredential_process = aws-fusion iam-user-credentials get --account-id 123456789012 --username 'my-iam-user' --access-key 'AKIAIOSFODNN7EXAMPLE' --credential-process\n```\n\n### Refer\nThe docs\n- https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html\n\n---\n## Use case of `okta device-auth`\nConfigure aws config file to use credential process\n\n**Config file**\n```\n[profile iam-user]\nregion = us-east-1\noutput = json\ncredential_process = aws-fusion okta device-auth --org-domain my.okta.com --oidc-client-id 0pbs4fq1q2vbGoFkC1m7 --aws-acct-fed-app-id 0oa8z9xa8BS9b2AFb1t7 --aws-iam-role arn:aws:iam::123456789012:role/PowerUsers --credential-process\n```\n\n---\n## Use case of `config-switch`\nA special of utility script to help easily switch `profile` and `region`\n\nThis works with 2 bash script, namely `_awsp` and `_awsr`\n> _Using the command without the bash script will have no effect_\n\nPost installing the app, create 2 aliases in `.bashrc` or `.zshrc` file.\n```shell\n## aws fusion setup\nalias awsp=\"source _awsp\"\nalias awsr=\"source _awsr\"\n```\n\n<img src=\"https://raw.githubusercontent.com/snigdhasjg/aws-fusion/main/doc/images/config-switch.png\" width=\"300\" alt=\"config-switch-image\"/>\n\n---\n## License\nThis project is licensed under the MIT License - see the [LICENSE](./LICENSE) file for details.\n\n<!-- badge links -->\n\n[tag]: https://github.com/snigdhasjg/aws-fusion/tags\n[tag-badge]: https://img.shields.io/github/v/tag/snigdhasjg/aws-fusion?style=for-the-badge&logo=github\n\n[actions-workflow-publish]: https://github.com/snigdhasjg/aws-fusion/actions/workflows/publish.yml\n[actions-workflow-publish-badge]: https://img.shields.io/github/actions/workflow/status/snigdhasjg/aws-fusion/publish.yml?branch=main&label=Publish&style=for-the-badge&logo=githubactions\n",
"bugtrack_url": null,
"license": "MIT License",
"summary": "Unified CLI tool for streamlined AWS operations",
"version": "1.6.1",
"project_urls": {
"Homepage": "https://github.com/snigdhasjg/aws-fusion"
},
"split_keywords": [
"aws",
"aws-sdk",
"aws-cli",
"aws-authentication",
"aws-sdk-python",
"aws-auth"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "0a5e823f24b78ef69ecd825dba4e1215df154e0500632cbe7390804b1f305345",
"md5": "053c0a3938560b3dcf96af5e4c3f699e",
"sha256": "b2949c97677dca4bd10f2d9648fafa5a3f13e73797df29857f0a34ecfa1dfd1c"
},
"downloads": -1,
"filename": "aws_fusion-1.6.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "053c0a3938560b3dcf96af5e4c3f699e",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 16565,
"upload_time": "2024-02-21T06:07:18",
"upload_time_iso_8601": "2024-02-21T06:07:18.434764Z",
"url": "https://files.pythonhosted.org/packages/0a/5e/823f24b78ef69ecd825dba4e1215df154e0500632cbe7390804b1f305345/aws_fusion-1.6.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "540b8ad15fdb610ecd0e720ef517541a7cafd1b93098ca5eb51951436e4fea78",
"md5": "c052dbe5dd133132e0ee1157f03f1873",
"sha256": "6232020071d080e2dde037c2f94b8e4df1479acaeb7e6d98c6eb16aa7cd6d1fd"
},
"downloads": -1,
"filename": "aws-fusion-1.6.1.tar.gz",
"has_sig": false,
"md5_digest": "c052dbe5dd133132e0ee1157f03f1873",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 14432,
"upload_time": "2024-02-21T06:07:20",
"upload_time_iso_8601": "2024-02-21T06:07:20.360033Z",
"url": "https://files.pythonhosted.org/packages/54/0b/8ad15fdb610ecd0e720ef517541a7cafd1b93098ca5eb51951436e4fea78/aws-fusion-1.6.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-02-21 06:07:20",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "snigdhasjg",
"github_project": "aws-fusion",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "aws-fusion"
}
JSON
