awscli_bastion package

Submodules

awscli_bastion.cache module

class awscli_bastion.cache.Cache
    Bases: object

    Manage the bastion-sts credential cache (~/.aws/cli/cache/bastion-sts.json).

    does_exist()
        Return whether or not the bastion-sts credential cache exists.

        Returns: Whether or not the bastion-sts credential cache exists.
        Return type: bool

    get_expiration(human_readable=True)
        Return how much time until the bastion-sts credentials expire.

        Parameters: human_readable (bool) – Whether or not to output as human readable.
        Returns: How much time until the bastion-sts credentials expire.
        Return type: str

awscli_bastion.cli module

Manage the command line interface.

awscli_bastion.credentials module

class awscli_bastion.credentials.Credentials
    Bases: object

    Manage getting and setting attributes for the aws shared credentials file.

    clear(bastion='bastion')
        Clear sts credentials from the aws shared credentials file.

        Parameters: bastion (str) – The profile containing the long-lived IAM credentials.
        Returns: Whether or not any sts credentials were removed from the aws shared credentials file.
        Return type: bool

    get_expiration(profile='bastion-sts', human_readable=True)
        Return how much time until the bastion-sts credentials expire.

        Parameters: human_readable (bool) – Whether or not to output as human readable.
        Returns: How much time until the bastion-sts credentials expire.
        Return type: str

    get_mfa_serial(bastion_sts='bastion-sts')
        Get the mfa serial number for the bastion iam user.

        Parameters: bastion_sts (str) – The profile containing the ‘mfa_serial’ attribute.
        Raises: Exception – Failed to get mfa_serial from bastion_sts profile.
        Returns: The identification number of the MFA device that is associated with the bastion_sts profile.

    is_expired(bastion_sts='bastion-sts')
        Return whether or not the bastion-sts credentials are expired.

        Returns: Whether or not the bastion-sts credentials are expired.
        Return type: bool

    set_default(profile)
        Set the default profile with attributes from another profile.

        Parameters: profile (str) – The profile with a ‘role_arn’ attribute.

    set_mfa_serial(mfa_serial=None, bastion_sts='bastion_sts')
        Set the ‘mfa_serial’ attribute for the given profile, typically the bastion-sts profile.

        Parameters:
            - mfa_serial (str) – The identification number of the MFA device that is associated with the IAM user.
            - bastion_sts (str) – The profile that assume role profiles source.
        Raises:
            - ClientError – Failed to get mfa_serial from the iam user.
            - Exception – Failed to set mfa_serial for bastion_sts profile.

awscli_bastion.minimal module

If you are like me, you do not trust open-source tools and libraries to handle admin credentials for your aws accounts. awscli_bastion/minimal.py is written as a script that offers minimal bastion functionality. It is intended to be quick and easy to understand. A minimal number of python libraries are used to reduce security risks.

awscli_bastion.rotate module

class awscli_bastion.rotate.Rotate(deactivate=False, username=None, bastion='bastion', bastion_sts='bastion-sts', region='us-west-2', credentials=None)
    Bases: object

    Manages the creation, verification, deletion or deactivation, and replacement of aws access keys for the bastion account.

    is_active(access_key)
        Ensure that aws access key is active.

        Parameters: access_key (str) – The aws access key to verify activation.
        Returns: Whether or not the aws access key is active.
        Return type: bool

awscli_bastion.sts module

class awscli_bastion.sts.STS(bastion='bastion', bastion_sts='bastion-sts', region='us-west-2', credentials=None, cache=None)
    Bases: object

    A small class that wraps relevant boto3 sts function calls.

    assume_role(profile, duration_seconds=3600)
        Get the short-lived credentials from sts.assume_role().

        Parameters:
            - profile (str) – The profile that contains the ‘role_arn’ and ‘source_profile’ attributes.
            - duration_seconds (str) – The duration, in seconds, that the credentials should remain valid.
        Returns: sts credentials
        Return type: dict

    get_session_token(mfa_code=None, mfa_serial=None, duration_seconds=43200)
        Get the short-lived credentials from sts.get_session_token() if the ‘mfa_code’ is provided. Otherwise, try to look up sts credentials from the cache.

        Parameters:
            - mfa_code (str) – The value provided by the MFA device.
            - mfa_serial (str) – The identification number of the MFA device that is associated with the IAM user.
            - duration_seconds (str) – The duration, in seconds, that the credentials should remain valid.
        Returns: sts credentials
        Return type: dict

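An added example, not code from awscli_bastion: standard-library code for the check behind the cache branch of get_session_token (are the cached bastion-sts credentials still usable, or is an MFA code needed?) and for the remaining lifetime that Cache.get_expiration reports. It assumes the cache file holds an STS response with Credentials.Expiration as an ISO 8601 timestamp; the function names, the five-minute margin and the file-mode check are this example's own.

```python
import json
import os
import stat
from datetime import datetime, timedelta, timezone

# Path from the Cache class description; the JSON layout below is an assumption.
CACHE_PATH = os.path.expanduser("~/.aws/cli/cache/bastion-sts.json")

# Constructed sample of the assumed layout (an STS response body), not real keys.
SAMPLE = {"Credentials": {"AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
                          "SecretAccessKey": "constructed-secret",
                          "SessionToken": "constructed-token",
                          "Expiration": "2030-01-01T12:00:00Z"}}


def read_expiration(path=CACHE_PATH):
    """Return the cached expiry as an aware UTC datetime, or None if unusable."""
    try:
        with open(path) as handle:
            stamp = json.load(handle)["Credentials"]["Expiration"]
        expires = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
    except (OSError, ValueError, KeyError, TypeError, AttributeError):
        return None  # missing, unreadable or malformed cache: no usable credentials
    return expires if expires.tzinfo else expires.replace(tzinfo=timezone.utc)


def time_left(path=CACHE_PATH, now=None, margin=timedelta(minutes=5)):
    """Lifetime left after a safety margin; timedelta(0) means prompt for MFA."""
    expires = read_expiration(path)
    if expires is None:
        return timedelta(0)
    now = now or datetime.now(timezone.utc)
    return max(expires - margin - now, timedelta(0))


def is_private(path=CACHE_PATH):
    """True when group and others have no access to the cache file (e.g. 0600)."""
    try:
        return (stat.S_IMODE(os.stat(path).st_mode) & 0o077) == 0
    except OSError:
        return False


def human_readable(delta):
    """Format a timedelta as 'Hh Mm', e.g. '11h 55m'."""
    minutes = int(delta.total_seconds()) // 60
    return f"{minutes // 60}h {minutes % 60}m"
```

A zero result from time_left covers the missing, malformed and nearly expired cases alike, so the caller has a single condition for falling back to a fresh MFA code.
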

Module contents

Top-level package for awscli_bastion.