Rs.aws-login - A command line utility to simplify logging into AWS services.

Overview

aws-login

A command line utility to simplify logging into AWS accounts and services.

$ aws-login use
? Please select a profile to use: ›
❯ dev-read
  dev-write

$ echo $AWS_PROFILE
dev-read

$ aws-login use --profile dev-write

$ echo $AWS_PROFILE
dev-write

Table of Contents

Requirements

  • AWS CLI v2

Development

  • Rust 1.57

Installation

  1. Go to the Releases page.
  2. Download a release for your OS.
  3. Unzip the release.
    • unzip -j aws-login_linux_amd64.zip
  4. Make aws-login executable.
    • chmod 755 aws-login
  5. Move aws-login to somewhere in your $PATH.
  6. Run aws-login shell install -s $SHELL, where $SHELL is your supported shell.
    • See aws-login shell --help for a list of supported shells.
  7. Start a new shell session.

macOS

On more recent versions of macOS, Gatekeeper will block your attempt to run the application because it is not signed with an Apple Developer certificate. Please see this guide on how to work around this issue.

Usage

Before we dive into using the application, you need to be aware of how profiles work with the AWS CLI. The official AWS CLI supports the use of profiles so that information such as accounts, roles, and preferences are remembered. This saves you from having to provide that information each time you want to do something.

The aws-login utility attempts to take full advantage of AWS CLI profiles. When "active AWS CLI profile" is mentioned, it means one of two things:

  • The value of the AWS_PROFILE environment variable.
  • Or "default".

By default, everything you do with aws-login will use the profile found in one of the places mentioned above and in the order they are listed. However, like AWS CLI, you can change the profile you are working with by using the --profile option.

Configuring Docker to use ECR

aws-login ecr

This subcommand will configure Docker to use the Elastic Container Registry in the AWS account for your active AWS CLI profile. If the region for your ECR differs from the default region configured for your profile, remember to specify it with the --region option.

Configure kubectl to use EKS

aws-login eks

This subcommand will prompt you to choose an EKS cluster from a list found in the AWS account for your active AWS CLI profile. Once a selection is made, the configuration for kubectl is updated to support connecting to that EKS cluster. Remember to log in before attempting to do so, fresh credentials may be required.

Log into an AWS account using AWS SSO portal

aws-login sso

This subcommand will use the AWS SSO portal settings in your active AWS CLI profile for authentication. If the required settings are missing, you will be prompted to provide them before authentication can proceed.

Setting up and activating AWS CLI profiles

aws-login use

This subcommand will prompt you to selected from a list of existing AWS CLI profiles and available profile templates. If a profile template is selected and a corresponding AWS CLI profile does not already exist, it will be automatically configured using the template. Once a selection has been made, the shell environment is modified to make it the active AWS CLI profile for the duration of the shell session.

Working with profile templates

The use subcommand does not simply offer you the ability to select existing AWS CLI profiles, but also offers the ability to use profile templates to configure new AWS CLI profiles. These templates are stored in JSON file called templates.json (found in ~/.config/aws-login/ or %APPDATA\Roaming\AWS Login\).

This is what a collection of profile templates looks like:

{
    "base": {
        "enabled": false,
        "settings": {
            "output": "json",
            "region": "us-east-1",
            "sso_region": "us-east-1",
            "sso_start_url": "https://my-sso-portal.awsapps.com/start"
        }
    },
    "dev-read": {
        "extends": "base",
        "settings": {
            "sso_account_id": 123456789012,
            "sso_role_name": "ReadOnly"
        }
    },
    "dev-write": {
        "extends": "dev-read",
        "settings": {
            "sso_role_name": "Developer"
        }
    }
}

The base profile template serves as the foundation for other templates to build upon. It provides some common settings such as where the SSO portal is located. Because this is not a fully configured profile, and is intended to be used by other templates, enabled is set to false so that it is not listed as an option to select from when aws-login use is run.

The dev-read profile template uses the base template by specifying it under the extends key, and adds its own SSO settings that make it ready to be used for authentication. If dev-read provided its own region, it would override the region set by the base profile.

The dev-write profile template demonstrates that your profile dependency tree can go as deep as you need. In this template, we re-use all of the settings from dev-read (and consequently, base) but override the sso_role_name we want to use.

Okay, but why?

Here is an example scenario:

You are a new hire at a company that hosts all of their services in AWS. As part of the onboarding process, you work on setting up your workstation so that you can use AWS CLI to interact with the cloud environment. Instead of asking around, searching Confluence/Sharepoint/etc, or figuring it out on your own, you install aws-login and run the pull subcommand with a URL you were provided.

You now have immediate access to various AWS accounts and services.

Downloading and installing profile templates

You may want to familiarize yourself with this first: Setting up and activating AWS CLI profiles

aws-login pull https://www.example.com/path/to/templates.json

This subcommand will download a remote profile templates file and store a copy for later use. If a local templates file already exists, you will be asked if you would like to merge with the existing file or replace it.

Comments
  • Use a self-signed certificate to sign macOS builds.

    Use a self-signed certificate to sign macOS builds.

    The following checks have been done.

    • [X] I could not find another enhancement request that covers what I need.
    • [X] This request does not cover existing functionality.

    What existing feature needs to be enhanced?

    All releases for macOS.

    What problem is being solved?

    The binaries are not signed and complicate the user experience in launching the application.

    How would you like to see this problem solved?

    Create and use a self-signed certificate to sign macOS releases.

    Some additional context.

    Enhancement macOS 
    opened by kherge 2
  • An empty object is saved when `pull` is used.

    An empty object is saved when `pull` is used.

    The following checks have been done.

    • [X] I could not find another bug report that covers what I discovered.
    • [X] This report does not request new features or enhancements.

    What is the current behavior?

    When using the pull subcommand, an empty object is saved to the templates.json file.

    What is the expected behavior?

    When using the pull command, the downloaded templates should be saved to the templates.json file.

    Some additional context.

    • Running the command in admin mode does not change anything.
    • Maybe reqwest is failing silently?
    Bug 
    opened by kherge 1
  • No help font color in PowerShell.

    No help font color in PowerShell.

    The following checks have been done.

    • [X] I could not find another bug report that covers what I discovered.
    • [X] This report does not request new features or enhancements.

    What is the current behavior?

    When running the application in PowerShell without any arguments, the help screen does not have any font color.

    What is the expected behavior?

    When running the application in PowerShell without any arguments, the help screen should have the same colors that other terminals support.

    Some additional context.

    Bug User Experience 
    opened by kherge 1
  • Missing `~/.config/aws-login/templates.json` file is not handled gracefully.

    Missing `~/.config/aws-login/templates.json` file is not handled gracefully.

    The following checks have been done.

    • [X] I could not find another bug report that covers what I discovered.
    • [X] This report does not request new features or enhancements.

    What is the current behavior?

    The use subcommand produces an error if no existing AWS CLI profiles are found and the profile templates file does not exist.

    $ aws-login use
    Could not get a list of existing AWS CLI profiles.
      No such file or directory (os error 2)
    

    What is the expected behavior?

    The subcommand should detect this scenario and display a more elegant error message.

    $ aws-login use
    There are no profiles available.
    

    Some additional context.

    No response

    Bug User Experience 
    opened by kherge 1
  • A subcommand to assume and unassume IAM roles.

    A subcommand to assume and unassume IAM roles.

    The following checks have been done.

    • [X] I could not find another feature request that covers what I need.
    • [X] This request does not cover existing functionality.

    What problem is being solved?

    Using AWS CLI to assume and assume roles can be tedious and confusing.

    How would you like to see this problem solved?

    A subcommand could be created to automatically handle shell environment changes required for assuming and unassuming roles.

    Some additional context.

    Feature 
    opened by kherge 1
  • Create a subcommand to log in to RDS using IAM authentication.

    Create a subcommand to log in to RDS using IAM authentication.

    It would be useful to have a subcommand that takes care of generating credentials to authenticate into an RDS cluster using IAM authentication.

    • [ ] Create an rds subcommand.
    opened by kherge 1
  • Create a subcommand to assume a role.

    Create a subcommand to assume a role.

    It would be very handy to have a subcommand that simplifies the process of assuming and unassuming a role.

    • [ ] Create an assume subcommand.
    • [ ] Create an unassume subcommand.
    opened by kherge 1
  • Outdated Cargo.lock failing builds.

    Outdated Cargo.lock failing builds.

    The following checks have been done.

    • [X] I could not find another bug report that covers what I discovered.
    • [X] This report does not request new features or enhancements.

    What is the current behavior?

    Current build fails on the following command:

    cargo build --release --locked
    

    What is the expected behavior?

    For the build to successfully complete.

    Some additional context.

    I introduced this issue when I pushed directly to master. Lesson learned.

    Bug Releasing 
    opened by kherge 0
  • Use the CarLI command line application framework.

    Use the CarLI command line application framework.

    The following checks have been done.

    • [X] I could not find another enhancement request that covers what I need.
    • [X] This request does not cover existing functionality.

    What existing feature needs to be enhanced?

    The application infrastructure.

    What problem is being solved?

    aws-login directly owns responsibility for how the application should be designed.

    How would you like to see this problem solved?

    Delegate this to a library dedicated for it, and possibly benefit from improvements made to the library over time.

    Some additional context.

    I am mostly dogfooding CarLI.

    Enhancement 
    opened by kherge 0
  • Creating a subcommand to generate RDS Proxy IAM auth tokens.

    Creating a subcommand to generate RDS Proxy IAM auth tokens.

    Origin

    Closes #8

    Additional Context

    There are a couple of pieces of information that we cannot infer from the data that is available to us, so it needs to be requested from the user where needed.

    • For example, PostgreSQL will always use port 5432 but it is implied that it could be other ports for MySQL.
    • There is also no way of determining the appropriate usernames to select from without having access to Secrets Manager, which will not be available in most cases.
    opened by kherrera-ebsco 0
  • Color change for error messages persist after app.

    Color change for error messages persist after app.

    The following checks have been done.

    • [X] I could not find another bug report that covers what I discovered.
    • [X] This report does not request new features or enhancements.

    What is the current behavior?

    When you run the application and an error message is printed, all following text is now the same color as the error text. This persists even with other applications that are used.

    What is the expected behavior?

    The color should reset to their defaults after the error message is printed.

    Some additional context.

    No response

    Bug PowerShell 
    opened by kherge 0
  • Allow endpoint to be selected for RDS subcommand.

    Allow endpoint to be selected for RDS subcommand.

    The following checks have been done.

    • [X] I could not find another enhancement request that covers what I need.
    • [X] This request does not cover existing functionality.

    What existing feature needs to be enhanced?

    The ability to generate an auth token for RDS Proxy IAM authentication.

    What problem is being solved?

    We currently cannot select an endpoint for an RDS proxy.

    How would you like to see this problem solved?

    Include the option of selecting an endpoint for a proxy (e.g. read/write, read-only, etc.).

    Some additional context.

    No response

    Enhancement 
    opened by kherrera-ebsco 0
  • Unable to navigate profile names in `aws-login use` when using Git for Windows (MINGW).

    Unable to navigate profile names in `aws-login use` when using Git for Windows (MINGW).

    The following checks have been done.

    • [X] I could not find another bug report that covers what I discovered.
    • [X] This report does not request new features or enhancements.

    What is the current behavior?

    When presented with a long list of profiles when running aws-login use, keyboard navigation through the list does not work.

    What is the expected behavior?

    For keyboard navigation to work properly as it does in other shells.

    Some additional context.

    No response

    Bug 
    opened by kherge 0
  • Incorrect path separator used when running in Git for Windows (MINGW) when install shell script.

    Incorrect path separator used when running in Git for Windows (MINGW) when install shell script.

    The following checks have been done.

    • [X] I could not find another bug report that covers what I discovered.
    • [X] This report does not request new features or enhancements.

    What is the current behavior?

    Windows path separator is used in Windows when running in Git for Windows shell while running shell script installer.

    What is the expected behavior?

    Use the Unix path separator on shell script installation.

    Some additional context.

    No response

    Bug 
    opened by kherge 0
  • Support using `$SHELL` as `shell install -s` option value.

    Support using `$SHELL` as `shell install -s` option value.

    The following checks have been done.

    • [X] I could not find another enhancement request that covers what I need.
    • [X] This request does not cover existing functionality.

    What existing feature needs to be enhanced?

    The shell script installer.

    What problem is being solved?

    It is not convenient to read through the documentation to specify the desired shell integration.

    How would you like to see this problem solved?

    Use the SHELL environment variable to determine which shell integration option to use.

    Some additional context.

    No response

    Enhancement 
    opened by kherge 0
  • Make profile list searchable.

    Make profile list searchable.

    The following checks have been done.

    • [X] I could not find another enhancement request that covers what I need.
    • [X] This request does not cover existing functionality.

    What existing feature needs to be enhanced?

    The aws-login use prompt that is used to select a profile.

    What problem is being solved?

    I would like to make it easier to find a profile to use.

    How would you like to see this problem solved?

    The list of profiles to select from should be filtered by a text search against a full or partial match of the profile name.

    Before

    ❯ aws-login use
    ? Please select a profile to use: ›
    ❯ profile-1
      profile-2a
      profile-2b
      profile-3
    (Move up and down to reveal more choices)
    

    After

    ❯ aws-login use
    ? Please select a profile to use: › 2
    ❯ profile-2a
      profile-2b
    (Move up and down to reveal more choices)
    

    Some additional context.

    No response

    Enhancement 
    opened by kherrera-ebsco 0
  • Document managing ExecutionPolicy for PowerShell profile scripts.

    Document managing ExecutionPolicy for PowerShell profile scripts.

    The following checks have been done.

    • [X] I could not find another enhancement request that covers what I need.
    • [X] This request does not cover existing functionality.

    What existing feature needs to be enhanced?

    The documentation for integrating into PowerShell.

    What problem is being solved?

    Some PowerShell configurations may have their ExecutionPolicy undefined which prevents the integration script from being loaded.

    How would you like to see this problem solved?

    Update the documentation to help PowerShell users that get caught by this issue.

    1. Check what the ExecutionPolicy is for CurrentUser.
      Get-ExecutionPolicy -List
      
    2. Allow local scripts to be executed.
      Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned
      

    Some additional context.

    This appears to be a Windows specific issue beginning with PowerShell 6.0 (see -ExecutionPolicy documentation).

    Documentation Enhancement Windows 
    opened by kherrera-ebsco 0
Releases(1.2.1)
Owner
Kevin Herrera
Kevin Herrera
This repo is a sample video search app using AWS services.

Video Search This repo is a sample video search app using AWS services. You can check the demo on this link. Features Transcribing Video and generate

AWS Samples 8 Jan 5, 2023
Aws-sdk-rust - AWS SDK for the Rust Programming Language

The AWS SDK for Rust This repo contains the new AWS SDK for Rust (the SDK) and its public roadmap. Please Note: The SDK is currently released as a dev

Amazon Web Services - Labs 2k Jan 3, 2023
📦 🚀 a smooth-talking smuggler of Rust HTTP functions into AWS lambda

lando ?? maintenance mode ahead ?? As of this announcement AWS not officialy supports Rust through this project. As mentioned below this projects goal

Doug Tangren 68 Dec 7, 2021
A fast, multi-threaded line counting utility written in Rust.

xloc A fast, multi-threaded line counting utility written in Rust. What is xloc A drop in replacement for bash's wc -l. Your project has x lines of co

null 1 Nov 15, 2021
Remote Secret Editor for AWS Secret Manager

Barberousse - Remote Secrets Editor About Usage Options Printing Editing Copying RoadMap 1.0 1.1 Future About A project aimed to avoid downloading sec

Mohamed Zenadi 18 Sep 28, 2021
Rust client for AWS Infinidash service.

AWS Infinidash - Fully featured Rust client Fully featured AWS Infinidash client for Rust applications. You can use the AWS Infinidash client to make

Rafael Carício 15 Feb 12, 2022
Rusoto is an AWS SDK for Rust

Rusoto is an AWS SDK for Rust You may be looking for: An overview of Rusoto AWS services supported by Rusoto API documentation Getting help with Rusot

null 2.6k Jan 3, 2023
Easy switch between AWS Profiles and Regions

AWSP - CLI To Manage your AWS Profiles! AWSP provides an interactive terminal to interact with your AWS Profiles. The aim of this project is to make i

KubeOps Skills 14 Dec 25, 2022
Simple fake AWS Cognito User Pool API server for development.

Fakey Cognito ?? Homepage Simple fake AWS Cognito API server for development. ✅ Implemented features AdminXxx on User Pools API. Get Started # run wit

naokirin 4 Aug 30, 2022
Postgres proxy which allows tools that don't natively supports IAM auth to connect to AWS RDS instances.

rds-iamauth-proxy rds-proxy lets you make use of IAM-based authentication to AWS RDS instances from tools that don't natively support that method of a

Gold Fig Labs Inc. 10 Nov 7, 2022
A tool to run web applications on AWS Lambda without changing code.

AWS Lambda Adapter A tool to run web applications on AWS Lambda without changing code. How does it work? AWS Lambda Adapter supports AWS Lambda functi

AWS Samples 321 Jan 2, 2023
Cookiecutter templates for Serverless applications using AWS SAM and the Rust programming language.

Cookiecutter SAM template for Lambda functions in Rust This is a Cookiecutter template to create a serverless application based on the Serverless Appl

AWS Samples 24 Nov 11, 2022
Ref Arch: Serverless GraphQL in Rust on AWS

A Whole Hog Reference Architecture for an Apollo Federation-Ready, Serverless, Rust-Based GraphQL Microservice on AWS using Cloud Development Kit (CDK)

Michael Edelman 3 Jan 12, 2022
cargo-lambda a Cargo subcommand to help you work with AWS Lambda

cargo-lambda cargo-lambda is a Cargo subcommand to help you work with AWS Lambda. This subcommand compiles AWS Lambda functions natively and produces

David Calavera 184 Jan 5, 2023
cargo-lambda is a Cargo subcommand to help you work with AWS Lambda.

cargo-lambda cargo-lambda is a Cargo subcommand to help you work with AWS Lambda. The new subcommand creates a basic Rust package from a well defined

null 184 Jan 5, 2023
A Rust runtime for AWS Lambda

Rust Runtime for AWS Lambda This package makes it easy to run AWS Lambda Functions written in Rust. This workspace includes multiple crates: lambda-ru

Amazon Web Services - Labs 2.4k Dec 29, 2022
Managing schema for AWS Athena in GitOps-style

athena-rs Managing AWS Athena Schemas Installation $ cargo install --git https://github.com/duyet/athena-rs $ athena --help athena 0.1.0 Duyet <me@du

Duyet Le 3 Sep 25, 2022
Serverless search for AWS.

Pathery ?? Serverless Search ?? Pathery is a serverless search service built on AWS using Rust, CDK and Tantivy. ?? WARNING: This is currently a work

Tyler van Hensbergen 40 Jan 3, 2023
This repo scans pypi, rubygems and hexpm for AWS keys

What is this? This is a project to try to detect any AWS access keys that are accidentally uploaded to the Python Package Index (PyPi). New uploads ar

Tom Forbes 80 Jan 28, 2023