#!/bin/bash
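# Absolute directory holding this file, and the file's full path.
# awssts() executes ${_awssts_script} and evals its output, so both values must
# resolve to this file and nothing else:
#  - CDPATH is cleared and cd's stdout discarded, so a relative source path
#    cannot be resolved through (or echo) some other directory;
#  - '&&' leaves the value empty when cd fails instead of silently recording
#    the caller's current working directory.
_awssts_dir="$(CDPATH='' command cd -- "$(dirname -- "${BASH_SOURCE[0]}")" >/dev/null && pwd)"
_awssts_script="${_awssts_dir}/${BASH_SOURCE[0]##*/}"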
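#######################################
# Load the credentials of an AWS account into the current shell, or run a
# single command with them.
#
# Everything ${_awssts_script} prints on stdout is passed to eval, so that
# script (and whatever it prints) is trusted input: it must emit shell
# statements only and send diagnostics to stderr.
#
# Globals:   _awssts_script (read), aws_account_name (written)
# Arguments: $1   - account name understood by ${_awssts_script}
#            $2.. - optional command; when given it runs in a subshell, so the
#                   credentials do not stay in the calling shell
# Returns:   status of the command, or of the credential lookup if it failed
#######################################
awssts() {
  # Kept global, as before, in case the calling shell reads it afterwards.
  aws_account_name="$1"; shift

  # If a command was passed, run it with the credentials loaded.
  if [ -n "${1-}" ]; then
    (
      set -e
      # Explicit '|| exit': never run the command with whatever credentials
      # happen to be in the environment when the lookup failed.
      awssts "${aws_account_name}" || exit
      # Quoted so arguments containing spaces or globs reach the command intact.
      "$@"
    )
    return $?
  fi

  # Capture first and check the status: `eval $(cmd)` reports success even
  # when cmd fails and prints nothing.
  local _awssts_creds
  _awssts_creds="$("${_awssts_script}" "${aws_account_name}")" || return
  # Quoted so the output is evaluated exactly as printed (no word splitting,
  # no glob expansion before eval sees it).
  eval "${_awssts_creds}"
}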
# Sourced or executed? When sourced, only the definitions above are wanted,
# so stop here; the account dispatch below runs only when the file is executed.
# More info https://stackoverflow.com/a/2687092/395686
[[ "${BASH_SOURCE[0]}" == "$0" ]] || return 0
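# Account dispatch (runs only when the file is executed).
#
# stdout of this section is consumed by eval in awssts(), so it must carry
# nothing but the output of `pass` / cached-sts-token.sh; all diagnostics go
# to stderr.
#
# The usage text is generated by sed from the case labels below: each label
# must stay alone on its line, indented with spaces only, and no other line
# may start with "user:", "sts:" or "role:".

# Key ID handed to cached-sts-token.sh through AWS_CACHE_GPG_ID.
# NOTE(review): this is an 8-hex-digit short key ID, which is not
# collision-resistant. If the helper passes it to gpg as a recipient, prefer
# the full fingerprint -- confirm against cached-sts-token.sh.
_aws_cache_gpg_id=2EA619ED
aws_account_name="$1"; shift

case "$aws_account_name" in
  # user:* entries print a credentials entry from the password store.
  # role:* / sts:* entries call cached-sts-token.sh, which is given the command
  # that yields the matching user credentials (this script, re-invoked).
  # NOTE(review): ROOT_AWS_CREDENTIALS_COMMAND is a flat string; a script path
  # containing spaces would presumably break it -- verify in the helper.
  user:hector.rivas+admin@keytwine)
    pass keytwine/aws/hector.rivas+aws.admin_credentials.sh
    ;;
  user:hector.rivas+dev@keytwine)
    pass keytwine/aws/hector.rivas+aws.dev_credentials.sh
    ;;
  role:admin@keytwine-root)
    ROOT_AWS_CREDENTIALS_COMMAND="${_awssts_script} user:hector.rivas+admin@keytwine" \
    AWS_CACHE_GPG_ID="${_aws_cache_gpg_id}" \
      "${_awssts_dir}/cached-sts-token.sh" \
      "${aws_account_name}" -r admin -m
    ;;
  role:dev@keytwine-root)
    ROOT_AWS_CREDENTIALS_COMMAND="${_awssts_script} user:hector.rivas+dev@keytwine" \
    AWS_CACHE_GPG_ID="${_aws_cache_gpg_id}" \
      "${_awssts_dir}/cached-sts-token.sh" \
      "${aws_account_name}" -r dev -m
    ;;
  role:admin@keytwine-sandbox)
    # Abort if the lookup fails rather than calling the helper with an empty -a.
    account_id="$(pass keytwine/aws/sandbox/account_id)" || exit
    ROOT_AWS_CREDENTIALS_COMMAND="${_awssts_script} user:hector.rivas+admin@keytwine" \
    AWS_CACHE_GPG_ID="${_aws_cache_gpg_id}" \
      "${_awssts_dir}/cached-sts-token.sh" \
      "${aws_account_name}" \
      -a "${account_id}" \
      -r admin -m
    ;;
  role:dev@keytwine-sandbox)
    # Abort if the lookup fails rather than calling the helper with an empty -a.
    account_id="$(pass keytwine/aws/sandbox/account_id)" || exit
    ROOT_AWS_CREDENTIALS_COMMAND="${_awssts_script} user:hector.rivas+dev@keytwine" \
    AWS_CACHE_GPG_ID="${_aws_cache_gpg_id}" \
      "${_awssts_dir}/cached-sts-token.sh" \
      "${aws_account_name}" -a "${account_id}" -r dev -m
    ;;
  user:hectorrivasgandara@gov-paas-dev)
    pass work/gds/aws/gov-paas-dev/credentials.sh
    ;;
  sts:hectorrivasgandara@gov-paas-dev)
    ROOT_AWS_CREDENTIALS_COMMAND="${_awssts_script} user:hectorrivasgandara@gov-paas-dev" \
    AWS_CACHE_GPG_ID="${_aws_cache_gpg_id}" \
      "${_awssts_dir}/cached-sts-token.sh" \
      "${aws_account_name}" -m
    ;;
  user:hectorrivasgandara@gov-paas-ci)
    pass work/gds/aws/gov-paas-ci/credentials.sh
    ;;
  sts:hectorrivasgandara@gov-paas-ci)
    ROOT_AWS_CREDENTIALS_COMMAND="${_awssts_script} user:hectorrivasgandara@gov-paas-ci" \
    AWS_CACHE_GPG_ID="${_aws_cache_gpg_id}" \
      "${_awssts_dir}/cached-sts-token.sh" \
      "${aws_account_name}" -m
    ;;
  user:hectorrivasgandara@gov-paas-staging)
    pass work/gds/aws/gov-paas-staging/credentials.sh
    ;;
  sts:hectorrivasgandara@gov-paas-staging)
    ROOT_AWS_CREDENTIALS_COMMAND="${_awssts_script} user:hectorrivasgandara@gov-paas-staging" \
    AWS_CACHE_GPG_ID="${_aws_cache_gpg_id}" \
      "${_awssts_dir}/cached-sts-token.sh" \
      "${aws_account_name}" -m
    ;;
  user:hectorrivasgandara@gov-paas-prod)
    pass work/gds/aws/gov-paas-prod/credentials.sh
    ;;
  sts:hectorrivasgandara@gov-paas-prod)
    ROOT_AWS_CREDENTIALS_COMMAND="${_awssts_script} user:hectorrivasgandara@gov-paas-prod" \
    AWS_CACHE_GPG_ID="${_aws_cache_gpg_id}" \
      "${_awssts_dir}/cached-sts-token.sh" \
      "${aws_account_name}" -m
    ;;
  user:hectorrivasgandara@gds-users)
    pass work/gds/aws/gds-users/credentials.sh
    ;;
  *)
    # Unknown or missing account: print usage and the account list on stderr,
    # keeping stdout empty so the caller has nothing to eval.
    {
      echo "Usage: awssts <aws_account_name>"
      echo
      echo "Available accounts:"
      sed -n "s/^ *\(user:.*\))/ awssts \1/p;s/^ *\(sts:.*\))/ awssts \1/p;s/^ *\(role:.*\))/ awssts \1/p" < "${_awssts_script}"
    } >&2
    exit 1
    ;;
esac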