-
Notifications
You must be signed in to change notification settings - Fork 0
/
aws-support.module
91 lines (78 loc) · 3.38 KB
/
aws-support.module
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
# Meant to be sourced by 'Bash Magic Enviro'
# Offers support for development against AWS
aws-support_load() {
local unmet_dependencies=false
# Check jq availabilty
if ! which jq > /dev/null; then
bme_log "${C_BOLD}'jq'${C_NC} command not found. Please install it." error 1
unmet_dependencies=true
fi
# Check awscli (optional, since it can also be loaded form a virtualenv)
if ! which aws > /dev/null; then
if ! [[ "${BME_ACTIVE_MODULES[@]}" =~ 'python3-virtualenvs' ]]; then
local log_msg="${C_BOLD}'aws'${C_NC} command not found.\n"
log_msg+="\t\tYou should activate ${C_BOLD}'python3-virtualenvs'${C_NC} ${C_BOLD}BEFORE${C_NC} this one,\n"
log_msg+="\t\tand load a suitable python virtualenv before calling ${C_BOLD}'load_aws_credentials'${C_NC}."
bme_log "${log_msg}" error 1
unmet_dependencies=true
else
local log_msg="${C_BOLD}'aws'${C_NC} command not found.\n"
log_msg+="\t\tMake sure you load a suitable python virtualenv before calling ${C_BOLD}'load_aws_credentials'${C_NC}."
bme_log "${log_msg}" warning 1
fi
fi
# Check user's MFA token
if [ -z ${AWS_MFA+x} ]; then
local log_msg="Environment variable ${C_BOLD}'\$AWS_MFA'${C_NC} can't be found.\n"
log_msg+="\t\tRemember you should export your AWS MFA device's ID in that variable."
bme_log "${log_msg}" error 1
unmet_dependencies=true
fi
# Final message
if ($unmet_dependencies); then
aws-support_unload
bme_log "${C_BOLD}'aws-support'${C_NC} not loaded. See missed dependencies above." error 1
return -1
else
export AWS_SDK_LOAD_CONFIG=1
bme_log "${C_BOLD}'aws-support'${C_NC} loaded." info 1
bme_log "${C_BOLD}load_aws_credentials${C_NC} - Loads your personal AWS access credentials." function 2
fi
}
aws-support_unload() {
unset -f load_aws_credentials
unset AWS_SESSION_TOKEN
unset AWS_SECRET_ACCESS_KEY
unset AWS_ACCESS_KEY_ID
unset AWS_SESSION_EXPIRATION
unset AWS_SDK_LOAD_CONFIG
}
# Grabs an AWS session token and exports required variables
load_aws_credentials() {
# Check for run-time dependencies
if ! which aws > /dev/null; then
local log_msg="${C_BOLD}'aws'${C_NC} command not found.\n"
log_msg+="\tMake sure you load a suitable python virtualenv before calling ${C_BOLD}'load_aws_credentials'${C_NC}."
bme_log "${log_msg}" error
return -1
fi
# Only request an AWS_SESSION_TOKEN if not already present
if [ -z ${AWS_SESSION_TOKEN+x} ]; then
# Existing environment variables can cause issues, so we unset them first
unset AWS_SESSION_TOKEN
unset AWS_SECRET_ACCESS_KEY
unset AWS_ACCESS_KEY_ID
unset AWS_SESSION_EXPIRATION
# Get One Time Password from the user's MFA device
echo -n "Please enter your AWS MFA's One Time Password: "
read aws_otp
# Grab AWS credentials
local aws_credentials=`aws sts get-session-token --serial-number $AWS_MFA --token-code $aws_otp` || return $?
unset aws_otp
# Parse the response into separate variables - the sed statement is needed to strip the quotation marks
export AWS_ACCESS_KEY_ID=`echo $aws_credentials | jq .Credentials.AccessKeyId | sed -e 's/^"//' -e 's/"$//'`
export AWS_SECRET_ACCESS_KEY=`echo $aws_credentials | jq .Credentials.SecretAccessKey | sed -e 's/^"//' -e 's/"$//'`
export AWS_SESSION_TOKEN=`echo $aws_credentials | jq .Credentials.SessionToken | sed -e 's/^"//' -e 's/"$//'`
export AWS_SESSION_EXPIRATION=`echo $aws_credentials | jq .Credentials.Expiration | sed -e 's/^"//' -e 's/"$//'`
fi
}