Class: SportNginAwsAuditor::AWSSDK

Inherits:
Object
  • Object
Defined in:
lib/sport_ngin_aws_auditor/aws.rb

Class Method Summary collapse

Class Method Details

.authenticate(environment) ⇒ Object



# File 'lib/sport_ngin_aws_auditor/aws.rb', line 11

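# Points the AWS SDK at the shared-credentials profile named by +environment+
# and, when the calling IAM user has an MFA device, swaps those long-lived
# credentials for MFA-backed session credentials obtained via get_session.
#
# @param environment [String] profile name handed to Aws::SharedCredentials
# @return [Array] the MFA devices IAM reported for the calling user
def self.authenticate(environment)
  shared_credentials = Aws::SharedCredentials.new(profile_name: environment)
  Aws.config.update({region: 'us-east-1', credentials: shared_credentials})

  mfa_devices = Aws::IAM::Client.new.list_mfa_devices.mfa_devices

  # No MFA device registered: the profile credentials configured above stay in effect.
  mfa_device = mfa_devices.first
  return mfa_devices unless mfa_device

  # IAM may list more than one MFA device for a user; prompting once per device
  # would ask for several tokens to obtain a single session, so only the first
  # device is used.
  #
  # \A and \z anchor the whole answer. ^ and $ match per line in Ruby, so an
  # answer containing a newline could pass validation with extra text around
  # the six digits.
  # NOTE(review): assumes Output.ask strips the trailing newline before
  # validating -- confirm against Output.
  mfa_token = Output.ask("Enter MFA token: ") { |q| q.validate = /\A\d{6}\z/ }

  long_lived = shared_credentials.credentials
  session = get_session(mfa_token,
                        mfa_device.serial_number,
                        long_lived.access_key_id,
                        long_lived.secret_access_key).credentials

  # Replace the long-lived keys in the global SDK config with the temporary
  # session credentials so later clients use the MFA-authenticated session.
  session_credentials = Aws::Credentials.new(session.access_key_id,
                                             session.secret_access_key,
                                             session.session_token)
  Aws.config.update({region: 'us-east-1', credentials: session_credentials})
  mfa_devices
end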

.authenticate_with_roles(environment) ⇒ Object



# File 'lib/sport_ngin_aws_auditor/aws.rb', line 44

# Sets the SDK-wide region and nothing else.
#
# +environment+ is accepted but never read in this method. Any credentials
# entry already present in Aws.config is left untouched; presumably callers
# rely on the SDK resolving role credentials on its own -- confirm.
#
# @param environment [Object] unused here
# @return [Object] whatever Aws.config.update returns
def self.authenticate_with_roles(environment)
  region_settings = { region: 'us-east-1' }
  Aws.config.update(region_settings)
end

.get_session(mfa_token, mfa_serial_number, access_key_id, secret_access_key) ⇒ Object



# File 'lib/sport_ngin_aws_auditor/aws.rb', line 34

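# Exchanges long-lived access keys plus an MFA code for a one-hour STS session
# and caches the result on the receiver.
#
# The cache is keyed by access key id and MFA serial number. Caching without a
# key would hand a second profile the first profile's session, so later API
# calls would run against the wrong identity. Only the non-secret key id is
# kept for the comparison; the secret access key is never stored.
#
# @param mfa_token [String] current code from the MFA device
# @param mfa_serial_number [String] serial number of that MFA device
# @param access_key_id [String] long-lived access key id
# @param secret_access_key [String] long-lived secret access key
# @return [Object] the response of Aws::STS::Client#get_session_token
def self.get_session(mfa_token, mfa_serial_number, access_key_id, secret_access_key)
  cache_key = [access_key_id, mfa_serial_number]
  return @session if @session && @session_key == cache_key

  sts = Aws::STS::Client.new(access_key_id: access_key_id,
                             secret_access_key: secret_access_key,
                             region: 'us-east-1')
  session = sts.get_session_token(duration_seconds: 3600,
                                  serial_number: mfa_serial_number,
                                  token_code: mfa_token)

  # Record the key only after STS succeeded, so a failed request cannot
  # relabel a previously cached session.
  @session_key = cache_key
  @session = session
end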