Makes it easier to use multiple AWS accounts when you don't have SSO available. You can easily save multiple profiles, and then log into them with an simple set of commands.
This utility is available in PyPi and can be installed by running:
python3 -m pip install aws-creds
MacBook-Pro:aws-creds HammoTime$ aws-creds --help
Usage: aws-creds [OPTIONS] COMMAND [ARGS]...
aws-creds makes it easier to use multiple AWS accounts when you don't have
SSO available. You can easily save multiple profiles, and then log into
them with an simple set of commands.
Options:
--version Show the version and exit.
--help Show this message and exit.
Commands:
add Adds a new credential profile.
default Used to set the defaults for output type and region.
login Sets the user's AWS credentials to the selected profile.
logout Deletes user's current AWS credentials.
ls Lists all of the saved profiles.
rm Deletes the selected profile.
role Used to login using an assumed role.
rotate Automatically rotates your access keys.
status Prints out information about the credential that is currently in...
update Updates the selected profile with the new values.
The following commands are available within the AWS Credential Picker.
add
: Add a new credential.rm
: Remove a credential.ls
: List all the saved credentials.login
: Login using a credential.logout
: Remove all of the files used by the aws-cli in ~/.aws.status
: Print details about the current session (account/user).update
: Updates the selected profile with new values.rotate
: Rotates your Access Key if you have a spare slot available.default
: Used to manage default region and output type.get
: Prints out the default region and output type.set
: Sets the default region and output type.
role
: Used to manage roles that can be assumed from the cli.add
: Adds a role.assume
: Assumes a saved role.ls
: Lists all roles available to be assumed.rm
: Removes an assumed role permanently from aws-cred config.unassume
: Unassumes a role, switching back to source account.
The following options are available within the AWS Credential Picker.
--help
: Show the help screen.--version
: Print version details.
The AWS Credential Picker is quite simple in it's design. Instead of storing details in the credentials file - which can prove difficult to use with lots of profiles - we store them in a custom JSON file. When you login
, you're actually doing is creating the credentials
and the config
file in ~/.aws
. When you logout
, these files are being deleted.
The reason this was created is that some AWS Utilities and 3rd Party Tools REALLY do not like it if you have multiple profiles and do not treat environment variables correctly. By always having a single credential set, utilities will ALWAYS work.
This script also provides an update on how old your Access Key is and advises you when to rotate them.