@bombel2
Forked from busser/01-aws-profile.ini
Created April 1, 2021 15:00
Code samples for blog article on AWS profiles
# Profile entry for the AWS credentials file.
# These are long-term IAM user keys kept in plaintext, so the file should be
# readable only by its owner and never committed or pasted anywhere public.
# NOTE(review): the values below are presumably samples; a real key pair that
# has been published should be deactivated and rotated.
[padok]
aws_access_key_id = AKIA2EKSU7Q0RUO9M5WI
aws_secret_access_key = W8uVHOrecDxuufuSeY2OjYcGIemcxHz4KH9QsHKr
# Select the named profile for AWS CLI calls made from this shell, so no key
# material has to appear on the command line or in the environment.
export AWS_PROFILE=padok
# Runs with whatever credentials the selected profile resolves to.
aws ec2 describe-instances
// Build a session whose credentials come from the "padok" profile.
// The empty filename leaves the choice of credentials file to the SDK
// (AWS_SHARED_CREDENTIALS_FILE if set, otherwise the default in the home directory).
// NOTE(review): err must be checked before sess is used. This provider reads
// static keys from the profile; profiles built on source_profile/role_arn
// presumably need the SDK's shared-config loading instead. Confirm.
sess, err := session.NewSession(&aws.Config{
Credentials: credentials.NewSharedCredentials("", "padok"),
})
# Remote state lives in S3 and is read and written with the "padok" profile.
# NOTE(review): Terraform state can contain secrets in plaintext, and this
# backend block sets no `encrypt` argument. Confirm that the bucket enforces
# encryption at rest and that access to it is restricted.
terraform {
backend "s3" {
bucket = "padok-terraform-states"
key = "my-app"
profile = "padok"
}
}
# Resources are managed through the same named profile, so no access keys
# appear in the Terraform configuration itself.
provider "aws" {
profile = "padok"
}
# Default provider: uses the base "padok" profile.
provider "aws" {
alias = "staging"
profile = "padok_staging"
}
# One aliased provider per environment. Each alias points at its own named
# profile, so a resource has to opt in explicitly (for example
# `provider = aws.production`) before it can touch that environment.
provider "aws" {
alias = "production"
profile = "padok_production"
}
# Base profile: the only entry that holds long-term IAM user keys.
[padok]
aws_access_key_id = AKIA2EKSU7Q0RUO9M5WI
aws_secret_access_key = W8uVHOrecDxuufuSeY2OjYcGIemcxHz4KH9QsHKr
# Role profiles store no secret of their own. The CLI/SDK uses the credentials
# of `source_profile` to assume `role_arn` and then works with the temporary
# credentials returned for that role.
[padok_staging]
source_profile = padok
role_arn = arn:aws:iam::000011112222:role/my-role
# Same source profile, but the role lives in a different account ID. What the
# user can do in each account is decided by that role's trust policy and
# permissions, not by this file.
[padok_production]
source_profile = padok
role_arn = arn:aws:iam::333344445555:role/my-role
# Base profile: long-term IAM user keys.
[padok]
aws_access_key_id = AKIA2EKSU7Q0RUO9M5WI
aws_secret_access_key = W8uVHOrecDxuufuSeY2OjYcGIemcxHz4KH9QsHKr
# First hop: the user's keys are used to assume a role in account 000011112222.
[padok_production]
source_profile = padok
role_arn = arn:aws:iam::000011112222:role/my-role
# Second hop (role chaining): the role session from `padok_production` is used
# to assume a role in another account. AWS limits sessions obtained through
# role chaining to at most one hour.
[padok_production_alpha]
source_profile = padok_production
role_arn = arn:aws:iam::333344445555:role/my-role
# Another second-hop role through the same intermediate profile. Each target
# role's trust policy must allow the intermediate role as a principal.
[padok_production_bravo]
source_profile = padok_production
role_arn = arn:aws:iam::666677778888:role/my-role
# AWS credentials and MFA parameters for your IAM user.
# These fields are required to fill in the `padok_mfa` profile.
# NOTE(review): `mfa_seed` is the TOTP shared secret of the MFA device. Keeping
# it next to the access key means anyone who can read this file holds both
# factors, so MFA no longer protects against theft of this file. Weigh that
# against the convenience, and prefer keeping the seed in a separate secret
# store or on a separate device where that is practical.
[padok]
aws_access_key_id = AKIA2EKSU7Q0RUO9M5WI
aws_secret_access_key = W8uVHOrecDxuufuSeY2OjYcGIemcxHz4KH9QsHKr
mfa_serial = arn:aws:iam::000011112222:mfa/my-user
mfa_seed = WOYA1FOALD24FCNVOLS8SQ552N8G600EZT480B16OZM3SD8A0UK3R1VJFB93XNIC
# This profile is filled in automatically by a script.
# The script uses the values in the `padok` profile to perform MFA authentication.
# It is left empty here; the script adds the key fields.
[padok_mfa]
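#!/usr/bin/env bash
#
# Refresh the temporary credentials stored in the MFA profile.
#
# Reads the MFA device ARN and the TOTP seed from the root profile, derives a
# one-time code with oathtool, exchanges it for session credentials through
# `aws sts get-session-token`, and stores the result in the MFA profile.
#
# Requires: aws, oathtool, jq.
#
# NOTE(review): the TOTP seed sits in the same profile as the long-term access
# key, so whoever can read that profile can complete MFA unattended, exactly as
# this script does. Restrict access to that file and to this script.
# Do not run this script with `set -x`: the trace would print the seed and the
# credentials.
set -euo pipefail

# Report a failure on stderr and stop before anything is written to the profile.
die() {
  printf '[%s] %s\n' "$(date)" "$*" >&2
  exit 1
}

echo "[$(date)] Updating credentials..."

readonly ROOT_PROFILE="padok"
readonly MFA_PROFILE="padok_mfa"

# Compute a single-use MFA code
MFA_SERIAL="$(aws configure get mfa_serial --profile "$ROOT_PROFILE")" \
  || die "mfa_serial is not set in profile ${ROOT_PROFILE}"
MFA_SEED="$(aws configure get mfa_seed --profile "$ROOT_PROFILE")" \
  || die "mfa_seed is not set in profile ${ROOT_PROFILE}"
[[ -n "$MFA_SERIAL" && -n "$MFA_SEED" ]] \
  || die "mfa_serial or mfa_seed is empty in profile ${ROOT_PROFILE}"

# The seed is passed as an argument, so it is visible in the process list while
# oathtool runs. Check whether your oathtool version can read the key from
# standard input instead.
MFA_TOKEN="$(oathtool -b --totp "$MFA_SEED")" \
  || die "could not compute the MFA code"

# Fetch credentials from AWS with MFA code
CREDENTIALS="$(aws --profile "$ROOT_PROFILE" sts get-session-token \
  --serial-number "$MFA_SERIAL" --token-code "$MFA_TOKEN")" \
  || die "sts get-session-token failed"

# Parse output from previous command.
# `jq -e` fails on a missing (null) field, so the literal string "null" can
# never be written into the profile as a credential.
SESSION_TOKEN="$(jq -er '.Credentials.SessionToken' <<<"$CREDENTIALS")" \
  || die "no SessionToken in the STS response"
ACCESS_KEY_ID="$(jq -er '.Credentials.AccessKeyId' <<<"$CREDENTIALS")" \
  || die "no AccessKeyId in the STS response"
SECRET_ACCESS_KEY="$(jq -er '.Credentials.SecretAccessKey' <<<"$CREDENTIALS")" \
  || die "no SecretAccessKey in the STS response"

# Set credentials in AWS credentials file
aws configure set "profile.${MFA_PROFILE}.aws_access_key_id" "$ACCESS_KEY_ID"
aws configure set "profile.${MFA_PROFILE}.aws_secret_access_key" "$SECRET_ACCESS_KEY"
aws configure set "profile.${MFA_PROFILE}.aws_session_token" "$SESSION_TOKEN"

echo "[$(date)] Credentials updated."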
# AWS credentials and MFA parameters for your IAM user.
# These fields are required to fill in the `padok_mfa` profile.
[padok]
aws_access_key_id = AKIA2EKSU7Q0RUO9M5WI
aws_secret_access_key = W8uVHOrecDxuufuSeY2OjYcGIemcxHz4KH9QsHKr
mfa_serial = arn:aws:iam::000011112222:mfa/my-user
mfa_seed = WOYA1FOALD24FCNVOLS8SQ552N8G600EZT480B16OZM3SD8A0UK3R1VJFB93XNIC
# This profile is filled in automatically by a script.
# The script uses the values in the `padok` profile to perform MFA authentication.
# After a run it holds temporary STS credentials (note the ASIA key prefix).
# They only work together with the session token and expire on their own, but
# until then they are as sensitive as the long-term keys above.
[padok_mfa]
aws_access_key_id = ASIA2934BCRXCO30VXYN
aws_secret_access_key = tkXrvAWiuMXewOl94lTQ2zuBNL3zRjlJ3dWzjET9
aws_session_token = a/very/long/token/string
# Refresh the MFA session credentials at minute 0 and minute 30 of every hour.
# PATH is set explicitly because cron starts jobs with a minimal environment
# and the script needs to find aws, oathtool and jq.
# NOTE(review): the script runs unattended with access to the long-term keys
# and the MFA seed, so it should be owned by this user and writable by nobody else.
0,30 * * * * PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin ~/.aws/update-credentials.sh
# AWS credentials and MFA parameters for your IAM user.
# These fields are required to fill in the `padok_mfa` profile.
[padok]
aws_access_key_id = AKIA2EKSU7Q0RUO9M5WI
aws_secret_access_key = W8uVHOrecDxuufuSeY2OjYcGIemcxHz4KH9QsHKr
mfa_serial = arn:aws:iam::000011112222:mfa/my-user
mfa_seed = WOYA1FOALD24FCNVOLS8SQ552N8G600EZT480B16OZM3SD8A0UK3R1VJFB93XNIC
# This profile is filled in automatically by a script.
# The script uses the values in the `padok` profile to perform MFA authentication.
[padok_mfa]
# The role chain now starts from the MFA session instead of the long-term keys,
# so the first role can be assumed with MFA-backed credentials.
# NOTE(review): if the role trust policies carry MFA conditions, verify that
# they behave as intended on the second hop as well as on the first.
[padok_production]
source_profile = padok_mfa
role_arn = arn:aws:iam::000011112222:role/my-role
# Second-hop roles, reached through the `padok_production` role session.
[padok_production_alpha]
source_profile = padok_production
role_arn = arn:aws:iam::333344445555:role/my-role
[padok_production_bravo]
source_profile = padok_production
role_arn = arn:aws:iam::666677778888:role/my-role
# Selecting the last profile in the chain is enough: the CLI follows
# `source_profile` back through padok_production to padok_mfa on its own.
export AWS_PROFILE=padok_production_alpha
# Runs with the temporary credentials of the final role in the chain.
aws ec2 describe-instances