Assuming a role from the config #30

Open
omus opened this issue Mar 1, 2018 · 2 comments

@omus
Member

omus commented Mar 1, 2018

When using AWS CLI you can specify in the configuration file a role_arn and a source_profile which allow you to have a profile that automatically assumes a role:

[profile marketingadmin]
role_arn = arn:aws:iam::123456789012:role/marketingadmin
source_profile = default

Trying to use this with AWSCore results in the credentials being not found.

julia> using AWSCore

julia> ENV["AWS_PROFILE"] = "marketingadmin"
"marketingadmin"

julia> AWSCore.aws_config()
Dict{Symbol,Any} with 2 entries:
  :creds  => (notfound, not...)
  :region => "us-east-1"

@samoconnor
Contributor

It shouldn't be too difficult to emulate this feature.

In this function:

function dot_aws_credentials()

... we'd have to:

  • check for role_arn in the config file,
  • create an AWSCredentials using the source_profile keys.
  • call STS Assume Role to get role credentials and session token.
  • return a new AWSCredentials created with the role credentials and session token.

STS AssumeRole can be called like this:

using AWSCore.Services.sts
sts([::AWSConfig], "AssumeRole", RoleArn=, RoleSessionName=)

https://juliacloud.github.io/AWSCore.jl/build/AWSSDK.STS.html#AWSSDK.STS.assume_role

and should return something like this:

Dict(
    "AssumedRoleUser" => Dict(
        "Arn" => "arn:aws:sts::123456789012:assumed-role/demo/Bob",
        "AssumedRoleId" => "ARO123EXAMPLE123:Bob"
    ),
    "Credentials" => Dict(
        "AccessKeyId" => "AKIAIOSFODNN7EXAMPLE",
        "Expiration" => "2011-07-15T23:28:33.359Z",
        "SecretAccessKey" => "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY",
        "SessionToken" => "AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA=="
    ),
    "PackedPolicySize" => 6
)

I have other priorities at the moment. But I'm happy to help out with any issues you have if you'd like to submit a PR.
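
The lookup steps listed in the comment above (detect `role_arn`, find the `source_profile` keys, decide which role to pass to AssumeRole), as an added example that is not part of the issue thread or of AWSCore. It is written in Python so it runs offline, makes no STS call, and goes beyond the issue by following chained `source_profile` entries and rejecting loops; the function names, the `loop` profile and the sample credentials file are constructed for illustration.

```python
import configparser

# Constructed sample files; only the marketingadmin profile comes from the issue.
SAMPLE_CONFIG = """
[profile marketingadmin]
role_arn = arn:aws:iam::123456789012:role/marketingadmin
source_profile = default

[profile loop]
role_arn = arn:aws:iam::123456789012:role/loop
source_profile = loop
"""
SAMPLE_CREDENTIALS = """
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY
"""

def _load(text, strip_prefix):
    # ~/.aws/config names sections "[profile x]"; ~/.aws/credentials uses "[x]".
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    prefix = "profile "
    return {(s[len(prefix):] if strip_prefix and s.startswith(prefix) else s): dict(parser[s])
            for s in parser.sections()}

def resolve_profile(profile, config_text, credentials_text):
    """Return (source profile name, (key id, secret), [role ARNs in assume order])."""
    config = _load(config_text, True)
    creds = _load(credentials_text, False)
    roles, seen, name = [], set(), profile
    while True:
        if name in seen:
            raise ValueError(f"source_profile cycle at {name!r}")
        seen.add(name)
        settings = {**config.get(name, {}), **creds.get(name, {})}
        if "role_arn" in settings:
            if "source_profile" not in settings:
                raise ValueError(f"{name!r} has role_arn but no source_profile")
            roles.insert(0, settings["role_arn"])  # outermost role is assumed last
            name = settings["source_profile"]
            continue
        try:
            keys = (settings["aws_access_key_id"], settings["aws_secret_access_key"])
        except KeyError:
            raise ValueError(f"no static keys for profile {name!r}") from None
        return name, keys, roles
```

The returned keys sign the first AssumeRole call, and each role's temporary credentials (including the session token) sign the next; failing closed on a missing or looping `source_profile` avoids silently falling back to a different identity.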

@omus
Member Author

omus commented Mar 2, 2018

Thanks. I also have some other priorities but I at least wanted to make the issue so this doesn't get forgotten :)
