awsecrets
AWS credentials loader
awsecrets config precedence
- Command Line Options (Awscreds#load method args OR self optparse)
- Environment Variables
- YAML file (secrets.yml)
- The AWS credentials file
- The CLI configuration file
- Instance profile credentials
Installation
Add this line to your application's Gemfile:
gem 'awsecrets'
And then execute:
$ bundle
Or install it yourself as:
$ gem install awsecrets
Usage example
Create command line tool ec2sample
like following code
#!/usr/bin/env ruby
require 'awsecrets'
Awsecrets.load
ec2_client = Aws::EC2::Client.new
puts ec2_client.describe_instances({ instance_ids: [ARGV.first] }).reservations.first.instances.first
And execute
$ ec2sample i-1aa1aaaa --profile mycreds --region ap-northeast-1
or
$ AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXXXXXXXX AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX AWS_REGION=ap-northeast-1 ec2sample i-1aa1aaaa
or
$ cat <<EOF > secrets.yml
region: ap-northeast-1
aws_access_key_id: XXXXXXXXXXXXXXXXXXXX
aws_secret_access_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
EOF
$ ec2sample i-1aa1aaaa
Use AssumeRole
Support role_arn
role_session_name
source_profile
external_id
.
1. .aws/config and .aws/credentials
see http://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html
# .aws/config
[profile assumed]
role_arn = arn:aws:iam::123456780912:role/assumed-role
external_id = myfoo_id
source_profile = assume_test
# .aws/credentials
[assume_test]
aws_access_key_id = XXXXXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
And execute
$ ec2sample i-1aa1aaaa --profile assumed --region ap-northeast-1
2. secrets.yml
$ cat <<EOF > secrets.yml
region: ap-northeast-1
aws_access_key_id: XXXXXXXXXXXXXXXXXXXX
aws_secret_access_key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
role_arn = arn:aws:iam::123456780912:role/assumed-role
And execute
$ ec2sample i-1aa1aaaa
Disable load YAML(secrets.yml)
Awsecrets.load(disable_load_secrets:true)
or
Awsecrets.load(secrets_path:false)
Contributing
- Fork it ( https://github.com/k1LoW/awsecrets/fork )
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Add some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create a new Pull Request