├── .gitignore
├── iam.png
├── screenshot.png
├── README.md
├── LICENSE
├── accounts.json
├── open_role_in_console.py.template
├── iam_role.svg
└── create_workflow.py


/.gitignore:
--------------------------------------------------------------------------------
1 | *.alfredworkflow
2 | icons
3 | 


--------------------------------------------------------------------------------
/iam.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/alexwlchan/aws_console_alfred_shortcuts/main/iam.png


--------------------------------------------------------------------------------
/screenshot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/alexwlchan/aws_console_alfred_shortcuts/main/screenshot.png


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # aws_console_alfred_shortcuts
 2 | 
 3 | This is a script to help me create an [Alfred Workflow] that lets me switch between roles in the AWS console quickly.
 4 | 
 5 | I work with a lot of [different roles] – when I pick a role using this workflow, it switches to that role in my frontmost Safari tab.
 6 | For example, if I'm looking at Route 53 in account A, and I select a role in account B, then this workflow will switch me to Route 53 in account B.
 7 | 
 8 | <img src="screenshot.png">
 9 | 
10 | [different roles]: https://github.com/wellcomecollection/platform-infrastructure/tree/main/accounts
11 | [Alfred Workflow]: https://www.alfredapp.com/workflows/
12 | 
13 | 
14 | 
15 | ## Usage
16 | 
17 | If you want to use this script yourself, you'll need Python installed.
18 | 
19 | Clone this repo, update the list of roles in `accounts.json`, then run the script:
20 | 
21 | ```
22 | $ python3 create_workflow.py
23 | ```
24 | 
25 | This will create a package `aws_console_roles.alfredworkflow` in the repo; open this to get the shortcut.
26 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | Copyright (c) 2023 Alex Chan
 2 | 
 3 | Permission is hereby granted, free of charge, to any person obtaining a
 4 | copy of this software and associated documentation files (the "Software"),
 5 | to deal in the Software without restriction, including without limitation
 6 | the rights to use, copy, modify, merge, publish, distribute, sublicense,
 7 | and/or sell copies of the Software, and to permit persons to whom the Software
 8 | is furnished to do so, subject to the following conditions:
 9 | 
10 | The above copyright notice and this permission notice shall be included in
11 | all copies or substantial portions of the Software.
12 | 
13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
16 | THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
17 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
18 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
19 | OTHER DEALINGS IN THE SOFTWARE.
20 | 


--------------------------------------------------------------------------------
/accounts.json:
--------------------------------------------------------------------------------
 1 | [
 2 |   {
 3 |     "id": "760097843905",
 4 |     "role_names": [
 5 |       "platform-read_only",
 6 |       "platform-developer",
 7 |       "platform-admin"
 8 |     ],
 9 |     "color": "red"
10 |   },
11 |   {
12 |     "id": "756629837203",
13 |     "role_names": [
14 |       "catalogue-read_only",
15 |       "catalogue-developer",
16 |       "catalogue-admin"
17 |     ],
18 |     "color": "red"
19 |   },
20 |   {
21 |     "id": "130871440101",
22 |     "role_names": [
23 |       "experience-read_only",
24 |       "experience-developer",
25 |       "experience-admin"
26 |     ],
27 |     "color": "red"
28 |   },
29 |   {
30 |     "id": "269807742353",
31 |     "role_names": [
32 |       "reporting-read_only",
33 |       "reporting-developer",
34 |       "reporting-admin"
35 |     ],
36 |     "color": "red"
37 |   },
38 |   {
39 |     "id": "404315009621",
40 |     "role_names": [
41 |       "digitisation-read_only",
42 |       "digitisation-developer",
43 |       "digitisation-admin"
44 |     ],
45 |     "color": "orange"
46 |   },
47 |   {
48 |     "id": "299497370133",
49 |     "role_names": [
50 |       "workflow-read_only",
51 |       "workflow-developer",
52 |       "workflow-admin"
53 |     ],
54 |     "color": "yellow"
55 |   },
56 |   {
57 |     "id": "975596993436",
58 |     "role_names": [
59 |       "storage-read_only",
60 |       "storage-developer",
61 |       "storage-admin"
62 |     ],
63 |     "color": "green"
64 |   },
65 |   {
66 |     "id": "770700576653",
67 |     "role_names": [
68 |       "identity-read_only",
69 |       "identity-developer",
70 |       "identity-admin"
71 |     ],
72 |     "color": "blue"
73 |   },
74 |   {
75 |     "id": "653428163053",
76 |     "role_names": [
77 |       "digirati-read_only",
78 |       "digirati-developer",
79 |       "digirati-admin"
80 |     ],
81 |     "color": "blue"
82 |   },
83 |   {
84 |     "id": "964279923020",
85 |     "role_names": [
86 |       "data-read_only",
87 |       "data-developer",
88 |       "data-admin"
89 |     ],
90 |     "color": "red"
91 |   }
92 | ]
93 | 


--------------------------------------------------------------------------------
/open_role_in_console.py.template:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python3
 2 | 
 3 | import subprocess
 4 | import sys
 5 | import time
 6 | import webbrowser
 7 | 
 8 | from urllib.parse import quote_plus
 9 | 
10 | 
11 | def get_front_url():
12 |     return subprocess.check_output([
13 |         "osascript", "-e",
14 |         """
15 |         tell application "Safari" to get URL of document 1
16 |         """
17 |     ]).decode("utf8").strip()
18 | 
19 | 
20 | def create_url(account_id, role_name, display_name, redirect_uri, color):
21 |     url = (
22 |         "https://signin.aws.amazon.com/switchrole?"
23 |         "account={account_id}&"
24 |         "roleName={role_name}&"
25 |         "displayName={display_name}&"
26 |         "redirect_uri={redirect_uri}&"
27 |         "color={color}"
28 |     ).format(
29 |         account_id=account_id,
30 |         role_name=role_name,
31 |         display_name=quote_plus(display_name),
32 |         redirect_uri=quote_plus(redirect_uri),
33 |         color=color,
34 |     )
35 | 
36 |     return url
37 | 
38 | 
39 | if __name__ == "__main__":
40 |     role_name = {ROLE_NAME}
41 |     account_id = {ACCOUNT_ID}
42 |     color = {COLOR}
43 |     display_name = {DISPLAY_NAME}
44 | 
45 |     redirect_uri = get_front_url()
46 | 
47 |     url = create_url(
48 |         role_name=role_name,
49 |         account_id=account_id,
50 |         color=color,
51 |         redirect_uri=redirect_uri,
52 |         display_name=display_name,
53 |     )
54 |     webbrowser.open(url)
55 | 
56 |     for _ in range(100):
57 |         front_url = get_front_url()
58 | 
59 |         if front_url == url:
60 |             subprocess.check_call(
61 |                 [
62 |                     "osascript",
63 |                     "-e",
64 |                     """
65 |                 tell application "Safari"
66 |                     tell document 1 to repeat
67 |                         do JavaScript "document.readyState"
68 |                         if the result = "complete" then exit repeat
69 |                         delay 0.1
70 |                     end repeat
71 |                     do JavaScript "document.getElementById('input_switchrole_button').click();" in document 1
72 |                 end tell
73 |                 """,
74 |                 ]
75 |             )
76 |             sys.exit(0)
77 | 
78 |         time.sleep(0.1)
79 | 


--------------------------------------------------------------------------------
/iam_role.svg:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8"?>
2 | <svg width="48px" height="48px" viewBox="0 0 48 48" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
3 |     <title>Icon-Resource/Security-Identity-and-Compliance/Res_AWS-Identity-Access-Management_Role_48_Light</title>
4 |     <g id="Icon-Resource/Security-Identity-and-Compliance/Res_AWS-Identity-Access-Management_Role_48" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
5 |         <path d="M44.0827,32.581 C43.9267,32.592 43.7697,32.604 43.6207,32.619 C43.0987,32.662 42.5527,32.714 42.0007,32.772 L41.8327,32.79 C40.0677,32.972 38.0697,33.177 37.1187,33.047 C36.5247,32.962 35.4307,32.487 34.2707,31.984 C32.3047,31.132 29.8567,30.07 27.6437,29.9 C24.5977,29.666 19.3347,30.24 15.9407,31.831 C13.9787,31.743 12.1587,31.215 10.7447,30.343 C10.7387,30.071 10.7327,29.799 10.7327,29.694 C10.7327,25.558 12.6707,21.679 16.0527,19.044 C18.3497,17.701 20.9967,16.992 23.7127,16.992 C29.8337,16.992 35.2657,20.609 37.3847,25.934 L36.5717,25.934 C35.7577,25.934 35.0757,26.51 34.9087,27.274 C34.7707,27.222 34.6447,27.175 34.4967,27.118 C32.4677,26.335 29.6837,25.264 26.4657,25.455 C21.7607,25.731 19.4457,26.015 17.6227,26.535 L18.1717,28.459 C19.8397,27.982 22.0397,27.719 26.5827,27.451 C29.3667,27.293 31.9197,28.269 33.7767,28.984 C34.1717,29.137 34.5287,29.27 34.8677,29.391 L34.8677,29.596 C34.8677,30.535 35.6327,31.3 36.5717,31.3 L40.2187,31.3 C41.1557,31.3 41.9197,30.538 41.9227,29.602 L42.2767,29.57 C42.8697,29.517 43.4147,29.464 43.8717,29.419 L44.0827,29.398 L44.0827,32.581 Z M9.7987,34.249 C7.1487,34.612 5.0567,34.288 4.1907,33.753 C4.7157,33.382 5.9007,32.863 6.7347,32.499 C7.4567,32.184 8.1877,31.851 8.8947,31.495 C10.0487,32.374 11.4777,33.033 13.0597,33.426 C12.1447,33.794 11.0117,34.084 9.7987,34.249 L9.7987,34.249 Z M36.8677,29.3 L39.9227,29.3 L39.9227,27.934 L36.8677,27.934 L36.8677,29.3 Z M26.5857,13 C34.9537,13 41.9817,19.295 43.0167,27.492 C42.7287,27.52 42.4247,27.549 42.1037,27.578 L41.9187,27.594 C41.8947,26.676 41.1437,25.934 40.2187,25.934 L39.5077,25.934 C37.3067,19.457 30.9317,14.992 23.7127,14.992 C21.0387,14.992 18.4227,15.604 16.0717,16.767 C16.0887,16.753 16.1027,16.738 16.1177,16.725 C19.0587,14.323 22.7757,13 26.5857,13 L26.5857,13 Z M45.5267,27.794 C45.3817,27.663 45.2107,27.568 45.0287,27.496 C43.9827,18.185 36.0497,11 26.5857,11 C22.3167,11 18.1497,12.483 14.8537,15.175 C10.5007,18.719 8.0047,23.97 8.0047,29.581 C8.0047,29.622 8.0077,29.663 8.0077,29.704 C7.3407,30.039 6.6357,30.359 5.9347,30.666 C3.7987,31.6 2.2557,32.274 2.0257,33.492 C1.9677,33.801 1.9577,34.406 2.5457,34.994 C3.5827,36.031 5.5727,36.403 7.5947,36.403 C8.4367,36.403 9.2827,36.339 10.0687,36.231 C11.4077,36.049 13.9077,35.558 15.6047,34.316 C18.2827,32.375 24.3377,31.649 27.4907,31.894 C29.3697,32.039 31.6457,33.026 33.4757,33.819 C34.8717,34.426 35.9757,34.904 36.8417,35.027 C38.0327,35.19 39.9777,34.99 42.0367,34.779 L42.2097,34.762 C42.7477,34.704 43.2777,34.654 43.8017,34.611 C44.0167,34.59 44.2297,34.575 44.5137,34.555 C45.3937,34.493 46.0827,33.755 46.0827,32.875 L46.0827,29.046 C46.0827,28.568 45.8807,28.112 45.5267,27.794 L45.5267,27.794 Z" id="AWS-Identity-and-Access-Management_Role_Resource-Icon_light-bg" fill="#BF0816"></path>
6 |     </g>
7 | </svg>


--------------------------------------------------------------------------------
/create_workflow.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python3
  2 | 
  3 | import hashlib
  4 | import json
  5 | import os
  6 | import plistlib
  7 | import shutil
  8 | import subprocess
  9 | import tempfile
 10 | import uuid
 11 | 
 12 | 
 13 | class AlfredWorkflow:
 14 |     def __init__(self):
 15 |         self.metadata = {
 16 |             "bundleid": "alexwlchan.aws-console-roles",
 17 |             "category": "Internet",
 18 |             "connections": {},
 19 |             "createdby": "@alexwlchan",
 20 |             "description": "Shortcuts to open roles in the AWS console",
 21 |             "name": "AWS console roles",
 22 |             "objects": [],
 23 |             "readme": "",
 24 |             "uidata": {},
 25 |             "version": "1.0.0",
 26 |             "webaddress": "https://github.com/alexwlchan/github_alfred_shortcuts",
 27 |         }
 28 |         self.icons = {}
 29 | 
 30 |     def add_script(self, language, title, shortcut, filename, icon=None):
 31 |         script_types = {
 32 |             "shell": 0,
 33 |             "python": 9,
 34 |         }
 35 | 
 36 |         trigger_object = {
 37 |             "config": {
 38 |                 "argumenttype": 0 if "{query}" in title else 2,
 39 |                 "keyword": shortcut,
 40 |                 "subtext": "",
 41 |                 "text": title,
 42 |                 "withspace": True,
 43 |             },
 44 |             "type": "alfred.workflow.input.keyword",
 45 |             "uid": self.uuid("shortcut", shortcut, title),
 46 |             "version": 1,
 47 |         }
 48 | 
 49 |         with open(filename) as infile:
 50 |             script_body = infile.read()
 51 | 
 52 |         script_object = {
 53 |             "config": {
 54 |                 "concurrently": False,
 55 |                 "escaping": 102,
 56 |                 "script": script_body,
 57 |                 "scriptargtype": 1,
 58 |                 "scriptfile": "",
 59 |                 "type": script_types[language],
 60 |             },
 61 |             "type": "alfred.workflow.action.script",
 62 |             "uid": self.uuid("script", script_body),
 63 |             "version": 2,
 64 |         }
 65 | 
 66 |         self._add_trigger_action_pair(
 67 |             trigger_object=trigger_object, action_object=script_object, icon=icon
 68 |         )
 69 | 
 70 |     def add_aws_console_shortcuts(self, name, color, account_id):
 71 |         if not os.path.exists(f"icons/iam_role_{color}.png"):
 72 |             svg = open("iam_role.svg").read()
 73 | 
 74 |             os.makedirs("icons", exist_ok=True)
 75 | 
 76 |             with open(f"icons/iam_role_{color}.svg", "w") as outfile:
 77 |                 outfile.write(svg.replace('fill="#BF0816"', f'fill="#{color}"'))
 78 | 
 79 |             subprocess.check_call(
 80 |                 [
 81 |                     "convert",
 82 |                     "-background",
 83 |                     "none",
 84 |                     "-density",
 85 |                     "500",
 86 |                     f"icons/iam_role_{color}.svg",
 87 |                     f"icons/iam_role_{color}.png",
 88 |                 ]
 89 |             )
 90 | 
 91 |         icon = f"icons/iam_role_{color}.png"
 92 | 
 93 |         script_base = open("open_role_in_console.py.template").read()
 94 | 
 95 |         script_code = (
 96 |             script_base.replace("{ROLE_NAME}", repr(f"{name}"))
 97 |             .replace("{COLOR}", repr(color))
 98 |             .replace("{ACCOUNT_ID}", repr(account_id))
 99 |             .replace("{DISPLAY_NAME}", repr(name))
100 |         )
101 | 
102 |         _, script_tmp_file = tempfile.mkstemp()
103 |         open(script_tmp_file, "w").write(script_code)
104 | 
105 |         self.add_script(
106 |             language="python",
107 |             title=f"Open AWS role {name}",
108 |             shortcut=name,
109 |             filename=os.path.abspath(script_tmp_file),
110 |             icon=icon,
111 |         )
112 | 
113 |         os.unlink(script_tmp_file)
114 | 
115 |     def uuid(self, *args):
116 |         assert len(args) > 0
117 |         md5 = hashlib.md5()
118 |         for a in args:
119 |             md5.update(a.encode("utf8"))
120 | 
121 |         # Quick check we don't have colliding UUIDs.
122 |         if not hasattr(self, "_md5s"):
123 |             self._md5s = {}
124 |         hex_digest = md5.hexdigest()
125 |         assert hex_digest not in self._md5s, (args, self._md5s[hex_digest])
126 |         self._md5s[hex_digest] = args
127 | 
128 |         return str(uuid.UUID(hex=hex_digest)).upper()
129 | 
130 |     def _add_trigger_action_pair(self, trigger_object, action_object, icon):
131 |         self.metadata["objects"].append(trigger_object)
132 |         self.metadata["objects"].append(action_object)
133 | 
134 |         self.icons[trigger_object["uid"]] = icon
135 | 
136 |         if not hasattr(self, "idx"):
137 |             self.idx = 0
138 | 
139 |         self.metadata["uidata"][trigger_object["uid"]] = {
140 |             "xpos": 150,
141 |             "ypos": 50 + 120 * self.idx,
142 |         }
143 |         self.metadata["uidata"][action_object["uid"]] = {
144 |             "xpos": 600,
145 |             "ypos": 50 + 120 * self.idx,
146 |         }
147 |         self.idx += 1
148 | 
149 |         self.metadata["connections"][trigger_object["uid"]] = [
150 |             {
151 |                 "destinationuid": action_object["uid"],
152 |                 "modifiers": 0,
153 |                 "modifiersubtext": "",
154 |                 "vitoclose": False,
155 |             },
156 |         ]
157 | 
158 |     def assemble_package(self, name):
159 |         with tempfile.TemporaryDirectory() as tmp_dir:
160 |             shutil.copyfile("iam.png", os.path.join(tmp_dir, "Icon.png"))
161 | 
162 |             for icon_id, icon_path in self.icons.items():
163 |                 shutil.copyfile(icon_path, os.path.join(tmp_dir, f"{icon_id}.png"))
164 | 
165 |             plist_path = os.path.join(tmp_dir, "Info.plist")
166 |             plistlib.dump(self.metadata, open(plist_path, "wb"))
167 | 
168 |             shutil.make_archive(
169 |                 base_name=f"{name}.alfredworkflow", format="zip", root_dir=tmp_dir
170 |             )
171 |             shutil.move(f"{name}.alfredworkflow.zip", f"{name}.alfredworkflow")
172 | 
173 | 
174 | if __name__ == "__main__":
175 |     workflow = AlfredWorkflow()
176 | 
177 |     color_map = {
178 |         'red': 'F2B0A9',
179 |         'orange': 'FBBF93',
180 |         'yellow': 'FAD791',
181 |         'green': 'B7CA9D',
182 |         'blue': '99BCE3',
183 |     }
184 | 
185 |     for account in json.load(open("accounts.json")):
186 |         for name in account['role_names']:
187 |             workflow.add_aws_console_shortcuts(account_id=account['id'], name=name, color=color_map[account['color']])
188 | 
189 |     workflow.assemble_package(name="aws_console_roles")
190 | 


--------------------------------------------------------------------------------