Module: AwsSu

Defined in:

lib/aws_su.rb,
lib/aws_su/version.rb

Overview

Set up the AWS authentication environment for a user who has an ID in a master account and is allowed to switch to a role in another account.

Typical usage scenario:

require 'aws_su'

class RunAwsSu
include AwsSu
end

run_aws_su = RunAwsSu.new
run_aws_su.authenticate(
  profile: 'ds-nonprod',
  duration: '28800',
  region: 'eu-west-2'
)
run_aws_su.ec2_client.describe_vpcs

also sets up current shell so system calls don’t need further authentication:

system('aws ec2 describe-vpcs --region eu-west-2')

It is assumed that the region is set in the first profile in .aws/config, e.g.

[profile master]
region=eu-west-2

or it can be set in the call to authenticate() as shown above

Defined Under Namespace

Classes: Error

Constant Summary

AWS_SUDO_FILE =

Dir.home + '/.awssudo'

AWS_CONFIG_FILE =

Dir.home + '/.aws/config'

DURATION =

'28800'

VERSION =

'0.1.8'

Instance Method Summary

• #authenticate(options = {}) ⇒ Object

  Authenticate user for the session }.

• #ec2_client ⇒ Object

  Configure the ec2 client.

• #elb_client ⇒ Object

  Configure the elb client.

• #iam_client ⇒ Object

  Configure the IAM client.

• #s3_client ⇒ Object

  Configure the S3 client.

• #sqs_client ⇒ Object

  SQS Client.

• #sts_client ⇒ Object

  STS.

Instance Method Details

#authenticate(options = {}) ⇒ Object

Authenticate user for the session }

Parameters:

• options (defaults to: {}) —

  Hash { duration: ‘AWS role session timeout’, region: AWS region, profile: Name of profile in .aws/config to use

# File 'lib/aws_su.rb', line 57

def authenticate(options = {})
  @session = "aws-su-session-#{Time.now.to_i}"
  @profile = options[:profile]
  @duration = options[:duration].nil? ? DURATION : options[:duration]
  @token_ttl = calculate_session_expiry(@duration)

  region = AWSConfig.profiles.first[1][:region]
  region = AWSConfig.profiles[@profile][:region] unless
      AWSConfig.profiles[@profile][:region].nil?
  @region = options[:region].nil? ? region : options[:region]
  raise('Unable to determine region') if @region.nil?

  assume_role
end

#ec2_client ⇒ Object

Configure the ec2 client

# File 'lib/aws_su.rb', line 73

def ec2_client
  Aws::EC2::Client.new
end

#elb_client ⇒ Object

Configure the elb client

# File 'lib/aws_su.rb', line 78

def elb_client
  Aws::ElasticLoadBalancing::Client.new
end

#iam_client ⇒ Object

Configure the IAM client

# File 'lib/aws_su.rb', line 83

def iam_client
  Aws::IAM::Client.new
end

#s3_client ⇒ Object

Configure the S3 client

# File 'lib/aws_su.rb', line 88

def s3_client
  Aws::S3::Client.new
end

#sqs_client ⇒ Object

SQS Client

# File 'lib/aws_su.rb', line 93

def sqs_client
  Aws::SQS::Client.new
end

#sts_client ⇒ Object

STS

# File 'lib/aws_su.rb', line 98

def sts_client
  Aws::STS::Client.new(
    credentials: load_secrets,
    region: @region
  )
end