blob: fe1f098e80b02e6807c03339d76b6837374b2ca7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
|
function agp() {
echo $AWS_PROFILE
}
# AWS profile selection
function asp() {
if [[ -z "$1" ]]; then
unset AWS_DEFAULT_PROFILE AWS_PROFILE AWS_EB_PROFILE AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
echo AWS profile cleared.
return
fi
local -a available_profiles
available_profiles=($(aws_profiles))
if [[ -z "${available_profiles[(r)$1]}" ]]; then
echo "${fg[red]}Profile '$1' not found in '${AWS_CONFIG_FILE:-$HOME/.aws/config}'" >&2
echo "Available profiles: ${(j:, :)available_profiles:-no profiles found}${reset_color}" >&2
return 1
fi
local exists="$(aws configure get aws_access_key_id --profile $1)"
local role_arn="$(aws configure get role_arn --profile $1)"
local aws_access_key_id=""
local aws_secret_access_key=""
local aws_session_token=""
if [[ -n $exists || -n $role_arn ]]; then
if [[ -n $role_arn ]]; then
local mfa_serial="$(aws configure get mfa_serial --profile $1)"
local mfa_token=""
local mfa_opt=""
if [[ -n $mfa_serial ]]; then
echo "Please enter your MFA token for $mfa_serial:"
read mfa_token
echo "Please enter the session duration in seconds (900-43200; default: 3600, which is the default maximum for a role):"
read sess_duration
if [[ -z $sess_duration ]]; then
sess_duration = 3600
fi
mfa_opt="--serial-number $mfa_serial --token-code $mfa_token --duration-seconds $sess_duration"
fi
local ext_id="$(aws configure get external_id --profile $1)"
local extid_opt=""
if [[ -n $ext_id ]]; then
extid_opt="--external-id $ext_id"
fi
local profile=$1
local source_profile="$(aws configure get source_profile --profile $1)"
if [[ -n $source_profile ]]; then
profile=$source_profile
fi
echo "Assuming role $role_arn using profile $profile"
local assume_cmd=(aws sts assume-role "--profile=$profile" "--role-arn $role_arn" "--role-session-name "$profile"" "$mfa_opt" "$extid_opt")
local JSON="$(eval ${assume_cmd[@]})"
aws_access_key_id="$(echo $JSON | jq -r '.Credentials.AccessKeyId')"
aws_secret_access_key="$(echo $JSON | jq -r '.Credentials.SecretAccessKey')"
aws_session_token="$(echo $JSON | jq -r '.Credentials.SessionToken')"
else
aws_access_key_id="$(aws configure get aws_access_key_id --profile $1)"
aws_secret_access_key="$(aws configure get aws_secret_access_key --profile $1)"
aws_session_token="$(aws configure get aws_session_token --profile $1)"
fi
export AWS_DEFAULT_PROFILE=$1
export AWS_PROFILE=$1
export AWS_EB_PROFILE=$1
export AWS_ACCESS_KEY_ID=$aws_access_key_id
export AWS_SECRET_ACCESS_KEY=$aws_secret_access_key
[[ -z "$aws_session_token" ]] && unset AWS_SESSION_TOKEN || export AWS_SESSION_TOKEN=$aws_session_token
echo "Switched to AWS Profile: $1";
fi
}
function aws_change_access_key() {
if [[ -z "$1" ]]; then
echo "usage: $0 <profile>"
return 1
fi
echo Insert the credentials when asked.
asp "$1" || return 1
AWS_PAGER="" aws iam create-access-key
AWS_PAGER="" aws configure --profile "$1"
echo You can now safely delete the old access key running \`aws iam delete-access-key --access-key-id ID\`
echo Your current keys are:
AWS_PAGER="" aws iam list-access-keys
}
function aws_profiles() {
[[ -r "${AWS_CONFIG_FILE:-$HOME/.aws/config}" ]] || return 1
grep --color=never -Eo '\[.*\]' "${AWS_CONFIG_FILE:-$HOME/.aws/config}" | sed -E 's/^[[:space:]]*\[(profile)?[[:space:]]*([-_[:alnum:]\.@]+)\][[:space:]]*$/\2/g'
}
function _aws_profiles() {
reply=($(aws_profiles))
}
compctl -K _aws_profiles asp aws_change_access_key
# AWS prompt
function aws_prompt_info() {
[[ -z $AWS_PROFILE ]] && return
echo "${ZSH_THEME_AWS_PREFIX:=<aws:}${AWS_PROFILE}${ZSH_THEME_AWS_SUFFIX:=>}"
}
if [ "$SHOW_AWS_PROMPT" != false ]; then
RPROMPT='$(aws_prompt_info)'"$RPROMPT"
fi
# Load awscli completions
# AWS CLI v2 comes with its own autocompletion. Check if that is there, otherwise fall back
if command -v aws_completer &> /dev/null; then
autoload -Uz bashcompinit && bashcompinit
complete -C aws_completer aws
else
function _awscli-homebrew-installed() {
# check if Homebrew is installed
(( $+commands[brew] )) || return 1
# speculatively check default brew prefix
if [ -h /usr/local/opt/awscli ]; then
_brew_prefix=/usr/local/opt/awscli
else
# ok, it is not in the default prefix
# this call to brew is expensive (about 400 ms), so at least let's make it only once
_brew_prefix=$(brew --prefix awscli)
fi
}
# get aws_zsh_completer.sh location from $PATH
_aws_zsh_completer_path="$commands[aws_zsh_completer.sh]"
# otherwise check common locations
if [[ -z $_aws_zsh_completer_path ]]; then
# Homebrew
if _awscli-homebrew-installed; then
_aws_zsh_completer_path=$_brew_prefix/libexec/bin/aws_zsh_completer.sh
# Ubuntu
elif [[ -e /usr/share/zsh/vendor-completions/_awscli ]]; then
_aws_zsh_completer_path=/usr/share/zsh/vendor-completions/_awscli
# NixOS
elif [[ -e "${commands[aws]:P:h:h}/share/zsh/site-functions/aws_zsh_completer.sh" ]]; then
_aws_zsh_completer_path="${commands[aws]:P:h:h}/share/zsh/site-functions/aws_zsh_completer.sh"
# RPM
else
_aws_zsh_completer_path=/usr/share/zsh/site-functions/aws_zsh_completer.sh
fi
fi
[[ -r $_aws_zsh_completer_path ]] && source $_aws_zsh_completer_path
unset _aws_zsh_completer_path _brew_prefix
fi
|
