GARAGENUM
/
DevOps-Bash-tools
mirror of https://github.com/HariSekhon/DevOps-Bash-tools
13
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
gh-pages
ccmenu
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9b828ace43'
${ noResults }
DevOps-Bash-tools/.bash.d/aws.sh

128 lines
4.3 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# vim:ts=4:sts=4:sw=4:et
#
# Author: Hari Sekhon
# Date: 2012-09-01 13:01:11 +0100
#
# https://github.com/harisekhon/bash-tools
#
# License: see accompanying Hari Sekhon LICENSE file
#
# If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback to help steer this or other code I publish
#
# https://www.linkedin.com/in/harisekhon
#
# ============================================================================ #
# A W S - A m a z o n W e b S e r v i c e s
# ============================================================================ #
srcdir="${srcdir:-$(dirname "${BASH_SOURCE[0]}")/..}"
# shellcheck disable=SC1090
type add_PATH &>/dev/null || . "$srcdir/.bash.d/paths.sh"
# JAVA_HOME needs to be set to use EC2 api tools
#[ -x /usr/bin/java ] && export JAVA_HOME=/usr # errors but still works
# link_latest '/usr/local/ec2-api-tools-*'
if [ -d /usr/local/ec2-api-tools ]; then
export EC2_HOME=/usr/local/ec2-api-tools # this should be a link to the unzipped ec2-api-tools-1.6.1.4/
add_PATH "$EC2_HOME/bin"
fi
# ec2dre - ec2-describe-regions - list regions you have access to and put them here
# TODO: pull a more recent list and have aliases/functions auto-generated from that to export
aws_eu(){
export EC2_URL=ec2.eu-west-1.amazonaws.com
}
aws_useast(){
export EC2_URL=ec2.us-east-1.amazonaws.com
}
#aws_eu
# Storing creds in one place in Boto creds file, pull them straight from there
aws_env(){
local section="${1:-default}"
# export AWS_ACCESS_KEY
# export AWS_SECRET_KEY
# export AWS_SESSION_TOKEN - for multi-factor authentication
local aws_credentials=~/.aws/credentials
local aws_token=~/.aws/token
local boto=~/.boto
if ! [[ "$section" =~ ^[[:alnum:]_-]+$ ]]; then
echo "invalid section name given, must be alphanumeric, dashes and underscores allowed"
return 1
fi
local credentials_file
if [ -f "$aws_credentials" ]; then
credentials_file="$aws_credentials"
# older boto creds
elif [ -f "$boto" ]; then
credentials_file="$boto"
else
echo "no credentials found - didn't find $boto or $aws_credentials"
return 1
fi
local section_data
section_data="$(sed -n "/[[:space:]]*\\[$section\\]/,/^[[:space:]]*\\[/p" "$credentials_file")"
if [ -z "$section_data" ]; then
echo "section [$section] not found in $credentials_file!"
return 1
fi
echo "loading [$section] creds from $credentials_file"
export AWS_PROFILE="$section"
eval "$(
for key in aws_access_key_id aws_secret_access_key aws_session_token; do
awk -F= "/^[[:space:]]*$key/"'{gsub(/[[:space:]]+/, "", $0); gsub(/_id/, "", $1); gsub(/_secret_access/, "_secret", $1); print "export "toupper($1)"="$2}' <<< "$section_data"
done
)"
if [ -f "$aws_token" ]; then
echo "sourcing $aws_token"
# shellcheck disable=SC1090
source "$aws_token"
fi
}
aws_unenv(){
unset AWS_ACCESS_KEY
unset AWS_SECRET_KEY
unset AWS_SESSION_TOKEN
}
aws_token(){
local output
local token
if [ $# -eq 0 ]; then
echo "usage: aws_token <token_from_mfa_device> [<other_options>]"
return 1
fi
if [ -z "${AWS_MFA_ARN:-}" ]; then
echo "environment variable \$AWS_MFA_ARN not set - you need to"
echo
echo "export AWS_MFA_ARN=arn:aws:iam::<123456789012>:mfa/<user>"
echo
echo "(you might want to put that in your ~/.bashrc.local or similar)"
return 1
fi
#aws sts get-session-token --serial-number arn-of-the-mfa-device --token-code code-from-token
output="$(aws sts get-session-token --serial-number "$AWS_MFA_ARN" --duration-seconds "${AWS_STS_DURATION_SECS:-129600}" --token-code "$@")"
result=$?
echo "$output"
if [ $result -ne 0 ]; then
return $result
fi
if type -P jq &>/dev/null; then
token="$(jq -r '.Credentials.SessionToken' <<< "$output")"
else
token-"$(awk -F: '/SessionToken/{print $2}' | sed 's/"//')"
fi
export AWS_SESSION_TOKEN="$token"
echo "exported AWS_SESSION_TOKEN"
echo
echo "export AWS_SESSION_TOKEN=$token" > ~/.aws/token
echo "saved to ~/.aws/token for other shells to source via aws_env()"
echo
echo "you can now use AWS CLI normally"
}
Reference in New Issue View Git Blame Copy Permalink