├── .travis.yml ├── LICENSE.md ├── aws-export-profile └── README.md /.travis.yml: -------------------------------------------------------------------------------- 1 | language: sh 2 | 3 | before_script: 4 | - sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu/ trusty-backports restricted main universe" 5 | - sudo apt-get update -qq 6 | - sudo apt-get install -qq shellcheck 7 | 8 | script: 9 | - shellcheck --shell=bash aws-export-profile 10 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 cytopia 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /aws-export-profile: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Be strict 4 | set -e 5 | set -u 6 | set -o pipefail 7 | 8 | unset_environment() { 9 | echo "unset AWS_ACCESS_KEY_ID" 10 | echo "unset AWS_ACCESS_KEY" 11 | echo "unset AWS_SECRET_ACCESS_KEY" 12 | echo "unset AWS_SECRET_KEY" 13 | echo "unset AWS_SESSION_TOKEN" 14 | echo "unset AWS_DELEGATION_TOKEN" 15 | echo "unset AWS_SECURITY_TOKEN" 16 | echo "unset AWS_REGION" 17 | } 18 | 19 | 20 | # Display usage 21 | if [ "${#}" -gt "0" ]; then 22 | case "${1}" in 23 | -u|--unset) 24 | unset_environment 25 | exit 0 26 | ;; 27 | 28 | -v|--version) 29 | cat << EOF 30 | aws-export-profile v0.4 31 | EOF 32 | exit 0 33 | ;; 34 | 35 | -h|--help) 36 | cat << EOF 37 | Usage: aws-export-profile [profile] [credentials] [config] 38 | aws-export-profile --unset, -u 39 | aws-export-profile --help, -h 40 | aws-export-profile --version, -v 41 | 42 | This bash helper will output AWS export statements of your chosen aws boto profile. 43 | Wrap this script in \$(aws-export-profile) to export those environment variables. 44 | 45 | Optional parameter: 46 | [profile] Boto profile name to export. Default is 'default' 47 | [credentials] Path to your aws credentials file. 48 | Default is ~/.aws/credentials 49 | [config] Path to your aws config file. 50 | If no config file is found, AWS_REGION export will not be available. 51 | Default is ~/.aws/config 52 | 53 | Arguments: 54 | --unset, -u Unset currently set AWS variables from env 55 | --help, -h Show this help screen 56 | --version, -v Show version 57 | 58 | 59 | Available exports: 60 | AWS_ACCESS_KEY_ID 61 | AWS_ACCESS_KEY 62 | AWS_SECRET_ACCESS_KEY 63 | AWS_SECRET_KEY 64 | AWS_SESSION_TOKEN 65 | AWS_DELEGATION_TOKEN 66 | AWS_SECURITY_TOKEN 67 | AWS_REGION 68 | 69 | Examples to show output: 70 | aws-export-profile testing 71 | aws-export-profile production /jenkins/aws/credentials /jenkins/aws/config 72 | 73 | Examples to export: 74 | \$(aws-export-profile testing) 75 | \$(aws-export-profile production /jenkins/aws/credentials /jenkins/aws/config) 76 | 77 | Examples to unset all AWS variables 78 | \$(aws-export-profile -u) 79 | 80 | MIT License 81 | Copyright (c) 2018 cytopia 82 | EOF 83 | exit 0 84 | ;; 85 | 86 | *) 87 | esac 88 | fi 89 | 90 | # Input parameter 91 | PROFILE="${1:-default}" 92 | CREDENTIALS="${2:-${HOME}/.aws/credentials}" 93 | CONFIG="${3:-${HOME}/.aws/config}" 94 | 95 | # Available values in credentials file 96 | aws_access_key_id= 97 | aws_secret_access_key= 98 | aws_session_token= 99 | aws_security_token= 100 | 101 | # Available values in config file 102 | aws_region= 103 | 104 | # Test if credentials file is found, otherwise abort 105 | if [ ! -f "${CREDENTIALS}" ]; then 106 | printf "Error, credentials file does not exist: %s\n" "${CREDENTIALS}" 107 | exit 1 108 | fi 109 | 110 | # Test if config file is found, otherwise no export of region is available 111 | if [ ! -f "${CONFIG}" ]; then 112 | printf "Warning, config file does not exist: %s\n" "${CONFIG}" >&2 113 | printf "Region will not be exported.\n" >&2 114 | fi 115 | 116 | # Trim whitespace 117 | trim() { 118 | local line="${1}" 119 | line="${line#"${line%%[![:space:]]*}"}" 120 | line="${line%"${line##*[![:space:]]}"}" 121 | echo "${line}" 122 | } 123 | 124 | # Extract value from string (Format: NAME = VALUE) 125 | get_val() { 126 | local line="${1}" 127 | echo "${line##*=*[[:space:]]}" 128 | } 129 | 130 | # Read region 131 | if [ -f "${CONFIG}" ]; then 132 | section= 133 | while read -r line; do 134 | # Get section we are currently in 135 | if [[ "${line}" =~ ^[[:space:]]*\[profile[[:space:]]+[-_.a-zA-Z0-9]+\][[:space:]]*$ ]]; then 136 | section="${line%]}" 137 | section="${section#[profile}" 138 | section="$( trim "${section}" )" 139 | fi 140 | # Extract available aws export values 141 | if [ "${section}" = "${PROFILE}" ]; then 142 | if [[ "${line}" =~ ^[[:space:]]*region[[:space:]]*=.*$ ]]; then 143 | aws_region="$( get_val "${line}" )" 144 | fi 145 | fi 146 | done < "${CONFIG}" 147 | fi 148 | 149 | # Read credentials 150 | section= 151 | while read -r line; do 152 | # Get section we are currently in 153 | if [[ "${line}" =~ ^[[:space:]]*\[[-_.a-zA-Z0-9]+\][[:space:]]*$ ]]; then 154 | section="${line%]}" 155 | section="${section#[}" 156 | fi 157 | # Extract available aws export values 158 | if [ "${section}" = "${PROFILE}" ]; then 159 | if [[ "${line}" =~ ^[[:space:]]*aws_access_key_id[[:space:]]*=.*$ ]]; then 160 | aws_access_key_id="$( get_val "${line}" )" 161 | fi 162 | if [[ "${line}" =~ ^[[:space:]]*aws_secret_access_key[[:space:]]*=.*$ ]]; then 163 | aws_secret_access_key="$( get_val "${line}" )" 164 | fi 165 | if [[ "${line}" =~ ^[[:space:]]*aws_session_token[[:space:]]*=.*$ ]]; then 166 | aws_session_token="$( get_val "${line}" )" 167 | fi 168 | if [[ "${line}" =~ ^[[:space:]]*aws_security_token[[:space:]]*=.*$ ]]; then 169 | aws_security_token="$( get_val "${line}" )" 170 | fi 171 | fi 172 | done < "${CREDENTIALS}" 173 | 174 | # Output exports 175 | if [ -n "${aws_access_key_id}" ]; then 176 | echo "export AWS_ACCESS_KEY_ID=${aws_access_key_id}" 177 | echo "export AWS_ACCESS_KEY=${aws_access_key_id}" 178 | fi 179 | if [ -n "${aws_secret_access_key}" ]; then 180 | echo "export AWS_SECRET_ACCESS_KEY=${aws_secret_access_key}" 181 | echo "export AWS_SECRET_KEY=${aws_secret_access_key}" 182 | fi 183 | if [ -n "${aws_session_token}" ]; then 184 | echo "export AWS_SESSION_TOKEN=${aws_session_token}" 185 | echo "export AWS_DELEGATION_TOKEN=${aws_session_token}" 186 | fi 187 | if [ -n "${aws_security_token}" ]; then 188 | echo "export AWS_SECURITY_TOKEN=${aws_security_token}" 189 | # Set DELEGATION_TOKEN only if it wasn't set via session token 190 | if [ -z "${aws_session_token}" ]; then 191 | echo "export AWS_DELEGATION_TOKEN=${aws_security_token}" 192 | fi 193 | fi 194 | if [ -n "${aws_region}" ]; then 195 | echo "export AWS_REGION=${aws_region}" 196 | fi 197 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # aws-export-profile 2 | 3 | `aws-export-profile` is a bash script that will output AWS export statements of your chosen aws boto profile. In case you have to manage multiple AWS accounts that rely on different boto profiles, you can *activate* a chosen profile by making it available in your shell environment. 4 | 5 | This tool reads credentials from `~/.aws/credentials`. If you are looking for a way to export boto profiles via `aws sts assume-role` instead, have a lookt at **[aws-export-assume-profile](https://github.com/cytopia/aws-export-assume-profile)**. 6 | 7 | [![Build Status](https://travis-ci.org/cytopia/aws-export-profile.svg?branch=master)](https://travis-ci.org/cytopia/aws-export-profile) 8 | ![Release](https://img.shields.io/github/release/cytopia/aws-export-profile.svg) 9 | 10 | **Note:** Wrap the command in **`$(aws-export-profile)`** to actually export your boto environment variables. 11 | 12 | 13 | ## But why? 14 | 15 | Most AWS related tools support boto profiles out of the box, such as the `aws-cli` (Example: `aws ec2 --profile $(aws-export-profile staging) 19 | 20 | # Make AWS login available inside your Docker container 21 | user> docker run --rm -it \ 22 | --env AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \ 23 | --env AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \ 24 | --env AWS_REGION=$AWS_REGION \ 25 | my-aws-docker 26 | ``` 27 | 28 | 29 | ## Available exports 30 | 31 | The following export variables are currently supported. 32 | 33 | | Variable | Description | 34 | |------------------------|-------------| 35 | | `AWS_ACCESS_KEY` | Access key | 36 | | `AWS_ACCESS_KEY_ID` | Alternative name for `AWS_ACCESS_KEY`| 37 | | `AWS_SECRET_KEY` | Secret key | 38 | | `AWS_SECRET_ACCESS_KEY`| Alternative name for `AWS_SECRET_KEY`| 39 | | `AWS_SESSION_TOKEN` | Session token | 40 | | `AWS_DELEGATION_TOKEN` | Alternative name for `AWS_SESSION_TOKEN` | 41 | | `AWS_SECURITY_TOKEN` | Secret token | 42 | | `AWS_REGION` | Region| 43 | 44 | 45 | ## Examples 46 | 47 | This tool simply output the exports to stdout. In order to auto-source them, wrap the command in **`$(...)`**. 48 | 49 | #### Boto profile `testing` 50 | 51 | ```bash 52 | user> aws-export-profile testing 53 | 54 | export AWS_ACCESS_KEY_ID="XXXXXXXXXXXXXXXXXXXX" 55 | export AWS_ACCESS_KEY="XXXXXXXXXXXXXXXXXXXX" 56 | export AWS_SECRET_ACCESS_KEY="A1Bc/XXXXXXXXXXXXXXXXXXXXXXXXXXX" 57 | export AWS_SECRET_KEY="A1Bc/XXXXXXXXXXXXXXXXXXXXXXXXXXX" 58 | export AWS_REGION="eu-central-1" 59 | ``` 60 | 61 | #### Boto profile `testing` with custom paths 62 | 63 | ```bash 64 | user> aws-export-profile deploy /jenkins/aws/credentials /jenkins/aws/config 65 | 66 | export AWS_ACCESS_KEY_ID="XXXXXXXXXXXXXXXXXXXX" 67 | export AWS_ACCESS_KEY="XXXXXXXXXXXXXXXXXXXX" 68 | export AWS_SECRET_ACCESS_KEY="A1Bc/XXXXXXXXXXXXXXXXXXXXXXXXXXX" 69 | export AWS_SECRET_KEY="A1Bc/XXXXXXXXXXXXXXXXXXXXXXXXXXX" 70 | export AWS_REGION="eu-central-1" 71 | ``` 72 | 73 | #### Boto profile `production` with more exports 74 | ```bash 75 | user> aws-export-profile production 76 | 77 | export AWS_ACCESS_KEY_ID="XXXXXXXXXXXXXXXXXXXX" 78 | export AWS_ACCESS_KEY="XXXXXXXXXXXXXXXXXXXX" 79 | export AWS_SECRET_ACCESS_KEY="A1Bc/XXXXXXXXXXXXXXXXXXXXXXXXXXX" 80 | export AWS_SECRET_KEY="A1Bc/XXXXXXXXXXXXXXXXXXXXXXXXXXX" 81 | export AWS_SESSION_TOKEN="XXXXXXXXXXXXXXXXx/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXX=" 82 | export AWS_DELEGATION_TOKEN="XXXXXXXXXXXXXXXXx/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXX=" 83 | export AWS_REGION="eu-central-1" 84 | ``` 85 | 86 | #### Export boto profile `production` 87 | ```bash 88 | user> $(aws-export-profile production) 89 | 90 | # Validate 91 | user> env | grep AWS_ 92 | 93 | AWS_ACCESS_KEY_ID="XXXXXXXXXXXXXXXXXXXX" 94 | AWS_ACCESS_KEY="XXXXXXXXXXXXXXXXXXXX" 95 | AWS_SECRET_ACCESS_KEY="A1Bc/XXXXXXXXXXXXXXXXXXXXXXXXXXX" 96 | AWS_SECRET_KEY="A1Bc/XXXXXXXXXXXXXXXXXXXXXXXXXXX" 97 | AWS_SESSION_TOKEN="XXXXXXXXXXXXXXXXx/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXX=" 98 | AWS_DELEGATION_TOKEN="XXXXXXXXXXXXXXXXx/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXX=" 99 | AWS_REGION="eu-central-1" 100 | ``` 101 | 102 | #### Unset all AWS_ variables 103 | ```bash 104 | user> $(aws-export-profile -u) 105 | ``` 106 | 107 | 108 | ## Usage 109 | 110 | ```bash 111 | Usage: aws-export-profile [profile] [credentials] [config] 112 | aws-export-profile --unset, -u 113 | aws-export-profile --help|-h 114 | aws-export-profile --version|-v 115 | 116 | This bash helper will output AWS export statements of your chosen aws boto profile. 117 | Wrap this script in $(aws-export-profile) to export those environment variables. 118 | 119 | Optional parameter: 120 | [profile] Boto profile name to export. Default is 'default' 121 | [credentials] Path to your aws credentials file. 122 | Default is ~/.aws/credentials 123 | [config] Path to your aws config file. 124 | If no config file is found, AWS_REGION export will not be available. 125 | Default is ~/.aws/config 126 | 127 | Arguments: 128 | --unset, -u Unset currently set AWS variables from env 129 | --help, -h Show this help screen 130 | --version, -v Show version 131 | 132 | Available exports: 133 | AWS_ACCESS_KEY_ID 134 | AWS_ACCESS_KEY 135 | AWS_SECRET_ACCESS_KEY 136 | AWS_SECRET_KEY 137 | AWS_SESSION_TOKEN 138 | AWS_DELEGATION_TOKEN 139 | AWS_SECURITY_TOKEN 140 | AWS_REGION 141 | 142 | Examples to show output: 143 | aws-export-profile testing 144 | aws-export-profile production /jenkins/aws/credentials /jenkins/aws/config 145 | 146 | Examples to export: 147 | $(aws-export-profile testing) 148 | $(aws-export-profile production /jenkins/aws/credentials /jenkins/aws/config) 149 | 150 | Examples to unset all AWS variables 151 | \$(aws-export-profile -u) 152 | ``` 153 | 154 | ## License 155 | 156 | **[MIT License](LICENSE.md)** 157 | 158 | Copyright (c) 2018 [cytopia](https://github.com/cytopia) 159 | --------------------------------------------------------------------------------