Ape plugin to make transactions through AWS KMS
- python3 version 3.10 or greater, python3-dev
You can install the latest release via pip:
pip install ape-aws
You can clone the repository and use setuptools for the most up-to-date version:
git clone https://github.com/ApeWorX/ape-aws.git
cd ape-aws
python3 setup.py install
pip install ape-aws
List commands:
ape aws -h
See logged in profile (useful for debugging auth in containers)
ape aws whoami
To create a new user (recommended for cloud usage)
ape aws users new USER
To delete this user (WARNING this is permanent)
ape aws users remove USER
Create an access key for this user (WARNING don't lose generated token)
ape aws users tokens new USER > .env.USER
To create a new Ethereum signing key (recommended to generate)
ape aws keys generate KEY
To schedule this signing key for deletion (WARNING takes 30 days)
ape aws keys remove KEY
To grant your user access to the signing key (don't forget to do this!)
ape aws keys grant KEY -u USER
First, create a KMS key with the CLI tool
ape console
In [1]: kms_signer = accounts.load("KEY")
In [2]: kms_signer.sign_message("12345")
Out[2]: <MessageSignature v=27, r=0x..., s=0x...>
Now to test your new IAM user's access, you can do the following
env $(cat .env.USER | xargs) ape console
and you should be able to do the same as the above!
Use the access token above with your containers by supplying its values as environment variables
WARNING: Don't forget to cycle your access tokens on a regular basis to prevent access leakage!
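One way to check the token file before loading it, as an added example that is not part of ape-aws. It assumes .env.USER holds KEY=VALUE lines with the standard AWS variable names; the function names check_token_file and run_with_token are hypothetical.

```bash
# Added example (not part of ape-aws). Assumption: .env.USER holds KEY=VALUE
# lines named AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY / AWS_DEFAULT_REGION.

# Return 0 only if the token file is private to its owner and contains nothing
# but the expected variables. Non-zero codes: 1 missing, 2 mode, 3 content.
check_token_file() {
    local file="$1" mode line name
    [ -f "$file" ] || { echo "missing token file: $file" >&2; return 1; }
    # GNU stat takes -c, BSD/macOS stat takes -f.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case "$mode" in
        600|400) ;;
        *) echo "$file has mode $mode, expected 600 or 400" >&2; return 2 ;;
    esac
    while IFS= read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue
        name=${line%%=*}
        case "$name" in
            AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY|AWS_DEFAULT_REGION) ;;
            # The offending line is not echoed: it may contain the secret.
            *) echo "unexpected entry in $file" >&2; return 3 ;;
        esac
    done < "$file"
    return 0
}

# Run a command with the token's variables set for that child process only,
# so the secret never lands in the interactive shell's environment.
run_with_token() {
    local file="$1"
    shift
    check_token_file "$file" || return
    # Unquoted on purpose: each KEY=VALUE pair must become its own argument.
    env $(xargs < "$file") "$@"
}
```

Call it as `run_with_token .env.USER ape console`. Creating the file under `umask 077` gives it mode 600 from the start.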
This project is in development and should be considered a beta. Things might not be in their final state and breaking changes may occur. Comments, questions, criticisms and pull requests are welcomed.
To begin, create and activate a virtual environment before doing any of the AWS setup
- You must have an AWS account
- Must be an AWS Identity and Access Management (IAM) user with administrator access
- Must have configured AWS credentials
- Must have Docker, Python3 and pip installed on your workstation
Create a ~/.aws folder in your home directory:
mkdir ~/.aws
Note: get your access key and key ID from IAM in your AWS account.
Create a credentials file in the ~/.aws folder:
cat <<EOF > ~/.aws/credentials
[default]
aws_access_key_id = YOUR_ACCESS_KEY
aws_secret_access_key = YOUR_SECRET
EOF
Create a config file in the ~/.aws folder:
cat <<EOF > ~/.aws/config
[default]
region = YOUR_REGION
output = json
EOF
For manual setup, follow this article
This project is licensed under the Apache 2.0 license.