Class: SportNginAwsAuditor::AWSSDK
- Inherits: Object
  - Object
    - SportNginAwsAuditor::AWSSDK
- Defined in:
- lib/sport_ngin_aws_auditor/aws.rb
Class Method Summary
- .authenticate(environment) ⇒ Object
- .authenticate_with_roles(environment) ⇒ Object
- .get_session(mfa_token, mfa_serial_number, access_key_id, secret_access_key) ⇒ Object
Class Method Details
.authenticate(environment) ⇒ Object
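# File 'lib/sport_ngin_aws_auditor/aws.rb', line 11
#
# Loads the shared-credentials profile named by +environment+ and installs it in
# the process-wide Aws.config. For each MFA device registered to the IAM user it
# then prompts for a token, exchanges it for temporary STS credentials through
# get_session, and replaces the credentials in Aws.config with those.
#
# @param environment [String] profile name handed to Aws::SharedCredentials
# @return [Object] whatever iterating the MFA device list returns
def self.authenticate(environment)
  shared_credentials = Aws::SharedCredentials.new(profile_name: environment)
  Aws.config.update({region: 'us-east-1', credentials: shared_credentials})

  iam = Aws::IAM::Client.new

  # The block runs once per MFA device returned for the user and not at all when
  # none is registered; in that case the long-lived profile keys stay in Aws.config.
  # NOTE(review): this code was written assuming at most one device per user. IAM
  # now allows several, so the prompt may appear more than once - confirm intent.
  iam.list_mfa_devices.mfa_devices.each do |mfadevice|
    mfa_serial_number = mfadevice.serial_number

    # \A and \z anchor the whole answer. ^ and $ match per line, so the previous
    # pattern accepted any multi-line input that merely contained a six-digit line.
    mfa_token = Output.ask("Enter MFA token: "){ |q| q.validate = /\A\d{6}\z/ }

    long_lived = shared_credentials.credentials
    session_credentials_hash = get_session(mfa_token,
                                           mfa_serial_number,
                                           long_lived.access_key_id,
                                           long_lived.secret_access_key).credentials

    # From here on the SDK uses the temporary MFA-backed session, not the profile keys.
    session_credentials = Aws::Credentials.new(session_credentials_hash.access_key_id,
                                               session_credentials_hash.secret_access_key,
                                               session_credentials_hash.session_token)
    Aws.config.update({region: 'us-east-1', credentials: session_credentials})
  end
end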
.authenticate_with_roles(environment) ⇒ Object
# File 'lib/sport_ngin_aws_auditor/aws.rb', line 44
#
# Sets only the region in the process-wide Aws.config. No credentials are
# installed here; presumably the SDK's default provider chain (for example an
# attached role) supplies them - confirm against the caller.
#
# @param environment [Object] accepted for parity with authenticate; not used here
# @return [Object] the return value of Aws.config.update
def self.authenticate_with_roles(environment)
  region_settings = { region: 'us-east-1' }
  Aws.config.update(region_settings)
end
.get_session(mfa_token, mfa_serial_number, access_key_id, secret_access_key) ⇒ Object
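# File 'lib/sport_ngin_aws_auditor/aws.rb', line 34
#
# Exchanges long-lived access keys plus an MFA token for a one-hour STS session
# and memoizes the response.
#
# The cache is keyed on the access key id and MFA serial number. Previously any
# cached session was returned regardless of the arguments, so authenticating a
# second profile in the same process silently reused the first account's
# temporary credentials.
#
# NOTE(review): a cached session is returned even after its 3600-second lifetime
# has passed; a long-running process will need a fresh MFA token to recover.
#
# @param mfa_token [String] current code from the MFA device
# @param mfa_serial_number [String] serial number of the MFA device
# @param access_key_id [String] long-lived access key id
# @param secret_access_key [String] long-lived secret access key
# @return [Object] the response of Aws::STS::Client#get_session_token
def self.get_session(mfa_token, mfa_serial_number, access_key_id, secret_access_key)
  cache_key = [access_key_id, mfa_serial_number]
  return @session if @session && @session_key == cache_key

  sts = Aws::STS::Client.new(access_key_id: access_key_id,
                             secret_access_key: secret_access_key,
                             region: 'us-east-1')
  session = sts.get_session_token(duration_seconds: 3600,
                                  serial_number: mfa_serial_number,
                                  token_code: mfa_token)

  # Record the key only after the STS call succeeds, so a failed request never
  # leaves a stale session filed under the new identity.
  @session_key = cache_key
  @session = session
end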