awsgen is the software that manage AWS Security Token Service (STS) and enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users). For more detailed information about using this service, go to Temporary Security Credentials or take a look in cf-security-accounts.json
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.
You will need to have python and pip installed on your machine.
$ sudo apt-get install python python-pip -y
Right after having it installed you'll need to get aws-cli and aws-gen.
$ sudo pip install awscli awsgen --upgrade --no-cache-dir
To install python go to Python.org
Right after having it installed you'll need to get aws-cli and aws-gen.
> pip install awscli awsgen --upgrade --no-cache-dir
Please add instructions here
First you need to create an account with aws (please go to Amazon Website)
Go to the terminal and create a new AWS profile using the following command:
$ aws-gen configure \
--account AWS_ACCOUNT \
--trust-role-arn TRUSTROLEARN \
--access-key-id AWS_ACCESS_KEY_ID \
--secret-access-key AWS_SECRET_ACCESS_KEY
AWS_ACCOUNT
: stands for the main name of your project or brand, i.e. brand-project or littleBanana-tree. This is important because it will link with your profile later.TRUSTROLEARN
: Role you need to create with a Superadmin user allowing you do whatever you need. This role will give the properly permissions to run builds, create/update/delete cloudformation, create new services on AWS, etc.AWS_ACCESS_KEY_ID
: stands for the access key you will get once you create a user.AWS_SECRET_ACCESS_KEY
: stands for the secret key you will have once you create your user.
After configuring it, you need to create a profile:
$ aws-gen create-profile \
--account AWS_ACCOUNT \
--profile AWS_PROFILE \
--region-name AWS_REGION \
--output AWS_OUTPUT
AWS_REGION
: stands for the region you mostly use on your account, where your infrastructure relies.AWS_OUTPUT
: We usually use JSON as output format, but there are other options you can explore.AWS_PROFILE
: stands for the profile name you want to use. It is important to keep the things organized, so we would recomend to name it follwing the standard username@AWS_ACCOUNT
, i.e. aboscatto@brand-project or danielpn@littleBanana-tree.
If you need to access the AWS Console using the TRUSTROLEARN
role, please do the following:
$ aws-gen get-link --account AWS_ACCOUNT --profile AWS_PROFILE
AWS_ACCOUNT
: stands for the main name of your project or brand, i.e. brand-project or littleBanana-tree. This is important because it will link with your profile later.AWS_PROFILE
: stands for the profile name you want to use. It is important to keep the things organized, so we would recomend to name it follwing the standard username@AWS_ACCOUNT
, i.e. aboscatto@brand-project or danielpn@littleBanana-tree.
If you need to access the AWS using access key over the TRUSTROLEARN
role, please do the following:
$ aws-gen get-key --account AWS_ACCOUNT --profile AWS_PROFILE
AWS_ACCOUNT
: stands for the main name of your project or brand, i.e. brand-project or littleBanana-tree. This is important because it will link with your profile later.AWS_PROFILE
: stands for the profile name you want to use. It is important to keep the things organized, so we would recomend to name it follwing the standard username@AWS_ACCOUNT
, i.e. aboscatto@brand-project or danielpn@littleBanana-tree.
AWS_ACCESS_KEY_ID
: The access key ID that identifies the temporary security credentials.AWS_SECRET_ACCESS_KEY
: The secret access key that can be used to sign requests.AWS_SESSION_TOKEN
: The token that users must pass to the service API to use the temporary credentials.
If you need active profile default, please do the following:
$ aws-gen set-active-profile --profile AWS_PROFILE
AWS_PROFILE
: stands for the profile name you want to use. It is important to keep the things organized, so we would recomend to name it follwing the standard username@AWS_ACCOUNT
, i.e. aboscatto@brand-project or danielpn@littleBanana-tree.
If you need get active profile, please do the following:
$ aws-gen get-active-profile
If you need list profiles, please do the following:
$ aws-gen list-profiles
Doing the deploy with Serverless should be pretty simple and you need to use the --aws-profile parameter
$ sls deploy --aws-profile AWS_PROFILE
Doing the use with aws cli should be pretty simple and you need to use the --profile parameter
$ aws s3 ls --profile AWS_PROFILE
Here is an example of how it should look like during the installing:
$ sudo apt-get install python python-pip -y
$ sudo pip install awscli awsgen --upgrade --no-cache-dir
$ aws-gen configure \
--account brand-project \
--trust-role-arn arn:aws:iam::123456789123:role/AWSTrustUserRole \
--access-key-id AK***************KQ \
--secret-access-key Y*********************0*******P*******S
$ aws-gen create-profile \
--account brand-project \
--profile aboscatto@brand-project \
--region-name us-west-2 \
--output json
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
We use GitHub for versioning. For the versions available, see the tags on this repository.
- Marcos Vallim - Initial work, Test, Documentation - mvallim
- André Boscatto - Validation use, Test, Documentation - andreboscatto
- Kalianne Rosa - Validation use, Test - kaliannerosa
- Daniel Nunes - Validation use, Test - daspn
See also the list of contributors who participated in this project.
This project is licensed under the BSD License - see the LICENSE file for details
- Hat tip to anyone whose code was used
- Inspiration
- etc
Everyone interacting in the awsgen project's codebases, issue trackers, chat rooms, and mailing lists is expected to follow the PyPA Code of Conduct
.