# AWS Temporary Credentials CLI
## Overview
This Python CLI tool helps AWS users easily obtain temporary credentials using AWS SSO. It simplifies the process of logging in via SSO, exporting credentials as environment variables, and saving them to `~/.aws/credentials`. This tool is beneficial for developers and DevOps engineers who frequently switch between AWS roles or need temporary credentials for various tasks.
## Target Audience
- **Developers**: Quickly switch AWS roles and access temporary credentials without manually configuring environment variables.
- **DevOps Engineers**: Automate credential management in scripts or CI/CD pipelines.
- **AWS Administrators**: Simplify the process of accessing and managing temporary credentials.
## Features
- **List Configured Profiles**: View all AWS profiles configured in `~/.aws/config`.
- **Login and Fetch Credentials**: Log in to AWS SSO, retrieve temporary credentials, and set environment variables.
- **Save Credentials**: Optionally save credentials to `~/.aws/credentials` for persistent use under the specified profile.
- **Profile-based Configuration**: Allows credentials to be saved under the profile specified in the CLI argument.
- **Conditional Default Profile Handling**: Checks if the default profile exists and handles it based on a `--set-default` flag.
- **Logging**: Detailed logging for tracking the process and debugging issues.
## Prerequisites
Before using this script, ensure you have the following prerequisites:
1. **AWS CLI**: The script uses AWS CLI to interact with AWS services. Make sure you have installed and configured the AWS CLI with valid credentials.
2. **AWS SSO Configuration**: Ensure your `~/.aws/config` file is properly configured with the AWS account you wish to access. Refer to the example below or `config.example` in this repository.
## Installation
Ensure you have Python 3.x installed and install the required packages:
```bash
pip install get-tmp-creds
```
View all PyPi releases here: [get-tmp-creds on PyPi](https://pypi.org/project/get-tmp-creds/).
## Usage
### Listing AWS Profiles
To list all profiles configured in your `~/.aws/config` file:
```bash
get-tmp-creds --list
```
### AWS SSO Configuration Example
```ini
[default]
region = us-west-2
[profile my-dev-acct]
sso_start_url = https://mycompany.awsapps.com/start
sso_region = us-east-1
sso_account_id = 0123456789
sso_role_name = PowerUsersRole
region = us-west-2
```
### Getting Temporary Credentials
To get temporary AWS credentials for a specified profile and save them under that profile in `~/.aws/credentials`:
```bash
get-tmp-creds <profile_name>
get-tmp-creds my-dev-acct
```
This will:
1. Clear the SSO cache.
2. Log in to AWS SSO.
3. Retrieve and export temporary credentials as environment variables.
4. Save credentials to `~/.aws/credentials` under the specified profile.
### Options
- **`--list`**: Lists all configured AWS profiles.
- **`--no-save`**: Prevents saving credentials to `~/.aws/credentials`. By default, credentials are saved under the profile name.
- **`--set-default`**: If the `default` profile in `~/.aws/credentials` already exists and is non-empty, this option forces the script to overwrite it.
### Example
1. **List Profiles**
```bash
get-tmp-creds --list
```
2. **Get and Export Credentials**
```bash
get-tmp-creds my-profile
```
This command logs in to AWS SSO using the `my-profile` profile, retrieves temporary credentials, and writes them to an environment variable file. You can source this file to set the credentials in your current shell session.
3. **Get Credentials without Saving**
```bash
get-tmp-creds my-profile --no-save
```
This command performs the same actions as the previous command but does not save the credentials to `~/.aws/credentials`.
4. **Set Default Profile**
```bash
get-tmp-creds my-profile --set-default
```
This command saves the credentials under the `default` profile in `~/.aws/credentials`, even if it is already populated.
## File Permissions
The script writes temporary credentials to a file named `~/.aws/tmp-creds.sh` with permissions set to `600` (read and write for the owner only). This ensures the file is secure and only accessible by the owner.
## Troubleshooting
- **UnauthorizedException**: If you encounter authorization errors, ensure that you have logged in with AWS SSO and that your access token is valid.
- **ExpiredToken**: If you see errors related to expired tokens, re-authenticate using `aws sso login` for the respective profile.
## Logging
The script uses Python’s `logging` module to provide detailed logs of its operations. Logs are output to the console and can help troubleshoot issues or verify that the script is functioning correctly.
## Contributing
Feel free to submit issues, feature requests, or pull requests. Contributions are welcome!
## License
This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.
Raw data
{
"_id": null,
"home_page": "https://github.com/aderbique/get-tmp-creds",
"name": "get-tmp-creds",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": null,
"author": "Austin Derbique",
"author_email": "austin@derbique.org",
"download_url": null,
"platform": null,
"description": "# AWS Temporary Credentials CLI\n\n## Overview\n\nThis Python CLI tool helps AWS users easily obtain temporary credentials using AWS SSO. It simplifies the process of logging in via SSO, exporting credentials as environment variables, and saving them to `~/.aws/credentials`. This tool is beneficial for developers and DevOps engineers who frequently switch between AWS roles or need temporary credentials for various tasks.\n\n## Target Audience\n\n- **Developers**: Quickly switch AWS roles and access temporary credentials without manually configuring environment variables.\n- **DevOps Engineers**: Automate credential management in scripts or CI/CD pipelines.\n- **AWS Administrators**: Simplify the process of accessing and managing temporary credentials.\n\n## Features\n\n- **List Configured Profiles**: View all AWS profiles configured in `~/.aws/config`.\n- **Login and Fetch Credentials**: Log in to AWS SSO, retrieve temporary credentials, and set environment variables.\n- **Save Credentials**: Optionally save credentials to `~/.aws/credentials` for persistent use under the specified profile.\n- **Profile-based Configuration**: Allows credentials to be saved under the profile specified in the CLI argument.\n- **Conditional Default Profile Handling**: Checks if the default profile exists and handles it based on a `--set-default` flag.\n- **Logging**: Detailed logging for tracking the process and debugging issues.\n\n## Prerequisites\n\nBefore using this script, ensure you have the following prerequisites:\n\n1. **AWS CLI**: The script uses AWS CLI to interact with AWS services. Make sure you have installed and configured the AWS CLI with valid credentials.\n2. **AWS SSO Configuration**: Ensure your `~/.aws/config` file is properly configured with the AWS account you wish to access. Refer to the example below or `config.example` in this repository.\n\n## Installation\n\nEnsure you have Python 3.x installed and install the required packages:\n\n```bash\npip install get-tmp-creds\n```\n\nView all PyPi releases here: [get-tmp-creds on PyPi](https://pypi.org/project/get-tmp-creds/).\n\n## Usage\n\n### Listing AWS Profiles\n\nTo list all profiles configured in your `~/.aws/config` file:\n\n```bash\nget-tmp-creds --list\n```\n\n### AWS SSO Configuration Example\n\n```ini\n[default]\nregion = us-west-2\n\n[profile my-dev-acct]\nsso_start_url = https://mycompany.awsapps.com/start\nsso_region = us-east-1\nsso_account_id = 0123456789\nsso_role_name = PowerUsersRole\nregion = us-west-2\n```\n\n### Getting Temporary Credentials\n\nTo get temporary AWS credentials for a specified profile and save them under that profile in `~/.aws/credentials`:\n\n```bash\nget-tmp-creds <profile_name>\nget-tmp-creds my-dev-acct\n```\n\nThis will:\n1. Clear the SSO cache.\n2. Log in to AWS SSO.\n3. Retrieve and export temporary credentials as environment variables.\n4. Save credentials to `~/.aws/credentials` under the specified profile.\n\n### Options\n\n- **`--list`**: Lists all configured AWS profiles.\n- **`--no-save`**: Prevents saving credentials to `~/.aws/credentials`. By default, credentials are saved under the profile name.\n- **`--set-default`**: If the `default` profile in `~/.aws/credentials` already exists and is non-empty, this option forces the script to overwrite it.\n\n### Example\n\n1. **List Profiles**\n\n ```bash\n get-tmp-creds --list\n ```\n\n2. **Get and Export Credentials**\n\n ```bash\n get-tmp-creds my-profile\n ```\n\n This command logs in to AWS SSO using the `my-profile` profile, retrieves temporary credentials, and writes them to an environment variable file. You can source this file to set the credentials in your current shell session.\n\n3. **Get Credentials without Saving**\n\n ```bash\n get-tmp-creds my-profile --no-save\n ```\n\n This command performs the same actions as the previous command but does not save the credentials to `~/.aws/credentials`.\n\n4. **Set Default Profile**\n\n ```bash\n get-tmp-creds my-profile --set-default\n ```\n\n This command saves the credentials under the `default` profile in `~/.aws/credentials`, even if it is already populated.\n\n## File Permissions\n\nThe script writes temporary credentials to a file named `~/.aws/tmp-creds.sh` with permissions set to `600` (read and write for the owner only). This ensures the file is secure and only accessible by the owner.\n\n## Troubleshooting\n\n- **UnauthorizedException**: If you encounter authorization errors, ensure that you have logged in with AWS SSO and that your access token is valid.\n- **ExpiredToken**: If you see errors related to expired tokens, re-authenticate using `aws sso login` for the respective profile.\n\n## Logging\n\nThe script uses Python\u2019s `logging` module to provide detailed logs of its operations. Logs are output to the console and can help troubleshoot issues or verify that the script is functioning correctly.\n\n## Contributing\n\nFeel free to submit issues, feature requests, or pull requests. Contributions are welcome!\n\n## License\n\nThis project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.\n\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "A CLI tool for managing AWS SSO temporary credentials.",
"version": "1.0",
"project_urls": {
"Homepage": "https://github.com/aderbique/get-tmp-creds"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "b2d8321fe72d2f76b2c61417d3cf68e0a5d2c1337877be40f63ca0ada9f38db9",
"md5": "d985615a4d0c7b169c8a526744af31fa",
"sha256": "d9b0f8242e32ba3dc98de078e35534a15a9fb732df41c8f18b583aa036d54735"
},
"downloads": -1,
"filename": "get_tmp_creds-1.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "d985615a4d0c7b169c8a526744af31fa",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 17932,
"upload_time": "2024-08-30T19:47:16",
"upload_time_iso_8601": "2024-08-30T19:47:16.154263Z",
"url": "https://files.pythonhosted.org/packages/b2/d8/321fe72d2f76b2c61417d3cf68e0a5d2c1337877be40f63ca0ada9f38db9/get_tmp_creds-1.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-08-30 19:47:16",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "aderbique",
"github_project": "get-tmp-creds",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "get-tmp-creds"
}
JSON
