Skip to content

cisagov/aws-profile-sync

Repository files navigation

aws-profile-sync ☁️🧻🚰

GitHub Build Status CodeQL Coverage Status Known Vulnerabilities

aws-profile-sync is a command line utility that simplifies the synchronization of AWS credential profiles across groups of users.

Requirements

  • Python versions 3.6 and above. Note that Python 2 is not supported.
  • Git version 2.23 and above if using the Git handler.

Installation

From source:

git clone https://github.com/cisagov/aws-profile-sync.git
cd aws-profile-sync
pip install -r requirements.txt

Usage

The utility reads a credentials file looking for magic #!aws-profile-sync comments. It will then fetch the remote content and intelligently integrate it into a new credentials file.

[cool-user]
aws_access_key_id = XXXXXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

#!profile-sync ssh://git@github.com/aceofspades/aws-profiles.git branch=master filename=roles -- source_profile=cool-user role_session_name=lemmy-is-god mfa_serial=arn:aws:iam::123456789012:mfa/ian.kilmister

# This line will get replaced

#!profile-sync-stop

# These lines won't be modified by the utility.
# That was a great time, the summer of '71 - I can't remember it, but I'll never forget it!.

The utility will replace all the content between the #!aws-profile-sync and #!aws-profile-sync-stop lines in the above example. To do this it will:

  • Clone the repository that lives at git@github.com/aceofspades/aws-profiles.git.
  • Switch to the master branch.
  • Read the file roles.
  • Override and replace any values specified after the -- in the magic line.

A copy of your previous credentials file is stored next to it as credentials.backup.

For detailed usage instructions see: aws-profile-sync --help

Contributing

We welcome contributions! Please see CONTRIBUTING.md for details.

License

This project is in the worldwide public domain.

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.