Last active
April 8, 2017 00:53
Writes temp role credentials
Set of AWS commands
```bash
# Delete every CloudWatch Logs log group in us-west-2.
aws --region us-west-2 logs describe-log-groups | jq -r '.logGroups[].logGroupName' | xargs -n 1 aws --region us-west-2 logs delete-log-group --log-group-name
# Delete every CloudFormation stack in us-west-2.
aws --region us-west-2 cloudformation describe-stacks | jq -r '.Stacks[].StackName' | xargs -n1 aws --region us-west-2 cloudformation delete-stack --stack-name
# Delete every Elastic Beanstalk application in us-west-2, terminating its environments.
aws --region us-west-2 elasticbeanstalk describe-applications | jq -r '.Applications[].ApplicationName' | xargs -n1 aws --region us-west-2 elasticbeanstalk delete-application --terminate-env-by-force --application-name
# Delete every EBS snapshot owned by the given account in us-west-2.
aws --region us-west-2 ec2 describe-snapshots --owner-ids 006383271594 | jq -r '.Snapshots[].SnapshotId' | xargs -n1 aws --region us-west-2 ec2 delete-snapshot --snapshot-id
```
```python
#!/usr/bin/env python
import configparser  # Python 3 name of the Python 2 ConfigParser module

import boto3


def update_sandbox_configs(aws_creds_file, access_role):
    # Long-lived profile used to call STS, and the profile that receives
    # the temporary role credentials.
    superProfile = 'platform'
    sandboxProfile = 'sandbox'

    session = boto3.Session(profile_name=superProfile)
    sts = session.client('sts')
    role = sts.assume_role(RoleArn=access_role, RoleSessionName='shared')

    # Load the existing credentials file so the other profiles are preserved.
    config = configparser.RawConfigParser()
    config.read(aws_creds_file)
    if not config.has_section(sandboxProfile):
        config.add_section(sandboxProfile)

    # Expiration is a datetime; store it as a string.
    config.set(sandboxProfile, 'expires', str(role['Credentials']['Expiration']))
    config.set(sandboxProfile, 'aws_access_key_id', role['Credentials']['AccessKeyId'])
    config.set(sandboxProfile, 'aws_secret_access_key', role['Credentials']['SecretAccessKey'])
    config.set(sandboxProfile, 'aws_session_token', role['Credentials']['SessionToken'])
    print('Expires ' + str(role['Credentials']['Expiration']))

    # Text mode: configparser writes str, not bytes.
    with open(aws_creds_file, 'w') as configfile:
        config.write(configfile)


if __name__ == '__main__':
    """
    Many of the automated aws scripts require a profile to be used. When assuming role, it's much easier to generate
    and use temporary credentials when running the AWS CLI.

    To get the creds in json:
        aws sts assume-role --role-arn arn:aws:iam::NUMBER:role/ROLENAME --role-session-name SESSION_NAME

    Install the following python libraries:
        boto3==1.4.4

    # Used for eb client
    $ export AWS_EB_PROFILE=sandbox

    # Used for aws-cli client
    $ export AWS_DEFAULT_PROFILE=sandbox

    $ cat ~/.aws/config
    [default]
    output = json
    region = us-west-2

    $ cat ~/.aws/credentials
    [account1]
    aws_access_key_id = xxxx
    aws_secret_access_key = yyyy

    [platform]
    aws_access_key_id = zzzzz
    aws_secret_access_key = aaaa

    [sandbox]
    aws_access_key_id = bbbb
    aws_secret_access_key = cccc
    aws_session_token = dddd
    """
    update_sandbox_configs(r'/home/ubuntu/.aws/credentials',
                           'arn:aws:iam::NUMBER:role/ROLENAME')
```
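An added example, not part of the original gist: one way to write the `sandbox` profile so the credentials file stays owner-only and is replaced atomically, and to use the stored `expires` value to decide whether the role needs to be assumed again. The names `write_profile`, `needs_refresh` and `SAMPLE_CREDS` and the 5-minute margin are assumptions; the functions take a dict shaped like `role['Credentials']`, so the block runs without AWS access.

```python
import configparser
import os
import tempfile
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like role['Credentials'] from sts.assume_role().
SAMPLE_CREDS = {
    'AccessKeyId': 'ASIAEXAMPLEEXAMPLE00',
    'SecretAccessKey': 'constructed-secret',
    'SessionToken': 'constructed-token',
    'Expiration': datetime(2030, 1, 1, 12, 0, tzinfo=timezone.utc),
}


def write_profile(creds_file, profile, creds):
    """Store temporary credentials under `profile`, keeping the file mode 0600."""
    config = configparser.RawConfigParser()
    config.read(creds_file)
    if not config.has_section(profile):
        config.add_section(profile)
    config.set(profile, 'expires', creds['Expiration'].isoformat())
    config.set(profile, 'aws_access_key_id', creds['AccessKeyId'])
    config.set(profile, 'aws_secret_access_key', creds['SecretAccessKey'])
    config.set(profile, 'aws_session_token', creds['SessionToken'])
    # mkstemp creates the file owner-only; os.replace swaps it in atomically.
    directory = os.path.dirname(os.path.abspath(creds_file))
    fd, tmp_path = tempfile.mkstemp(dir=directory, prefix='.credentials.')
    try:
        with os.fdopen(fd, 'w') as handle:
            config.write(handle)
        os.replace(tmp_path, creds_file)
    except BaseException:
        os.unlink(tmp_path)
        raise


def needs_refresh(creds_file, profile, margin=timedelta(minutes=5), now=None):
    """True when `profile` is missing, unparsable, or expires within `margin`."""
    config = configparser.RawConfigParser()
    config.read(creds_file)
    if not config.has_option(profile, 'expires'):
        return True
    try:
        expires = datetime.fromisoformat(config.get(profile, 'expires'))
    except ValueError:
        return True
    if expires.tzinfo is None:  # treat a naive timestamp as UTC
        expires = expires.replace(tzinfo=timezone.utc)
    return expires - (now or datetime.now(timezone.utc)) <= margin
```

Calling `needs_refresh` before `sts.assume_role` avoids minting a new session on every run while the stored one is still valid.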