junkdrawer/aws-select-credentials at main · peterwwillis/junkdrawer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
#!/usr/bin/env bash
# aws-select-credentials - Use 'dialog' to select cached AWS credentials and export it into your current shell
#
# Assuming this script is in your PATH, simply run:
#   $ `aws-select-credentials`
# or:
#   $ . aws-select-credentials

[ "${DEBUG:-0}" = "1" ] && set -x

HOME="${HOME:-$(getent passwd $(id -u) | cut -d : -f 6)}"
AWS_CREDENTIALS_FILE="${AWS_CREDENTIALS_FILE:-$HOME/.aws/credentials}"

_cleanup () {
    [ -z "$_TMP" ] || rm -rf "$_TMP"
}
trap _cleanup EXIT

_list_credentials () {
    local credname
    while read -r line ; do
        case "$line" in
            \[*\])
                    credname="${line#[}" ;
                    credname="${credname%]}" ;
                    creds+=("$credname") ;;
            aws_access_key_id*)
                    keys[$credname]="$(printf "%s\n" "$line" | sed -e 's/^aws_access_key_id[[:blank:]]\+=[[:blank:]]*//g')" ;;
            aws_secret_access_key*)
                    secrets[$credname]="$(printf "%s\n" "$line" | sed -e 's/^aws_secret_access_key[[:blank:]]\+=[[:blank:]]*//g')" ;;
            aws_session_token*)
                    sessions[$credname]="$(printf "%s\n" "$line" | sed -e 's/^aws_session_token[[:blank:]]\+=[[:blank:]]*//g')" ;;
        esac
    done < "$AWS_CREDENTIALS_FILE"
}

_select_credential () {
    if [ -n "${AWS_SELECTED_CREDENTIALS:-}" ] && [ ! "${FORCE:-0}" = "1" ] ; then
        selected="${AWS_SELECTED_CREDENTIALS}"
    else
        declare -a credentials=()
        for c in "${creds[@]}" ; do
            credentials+=("$c" "$c")
        done
        _TMP=$(mktemp)
        dialog --stdout --backtitle "AWS Credentials" --menu "Select some AWS credentials to export" 25 80 20 "${credentials[@]}" > "$_TMP"
        selected="$(cat "$_TMP")"
    fi
}

_select_region () {
    if [ -z "${AWS_DEFAULT_REGION}" ] && [ -z "${AWS_REGION:-}" ] ; then
        declare -a regions=()
        for region in eu-north-1 ap-south-1 eu-west-3 eu-west-2 eu-west-1 ap-northeast-3 ap-northeast-2 ap-northeast-1 sa-east-1 ca-central-1 ap-southeast-1 ap-southeast-2 eu-central-1 us-east-1 us-east-2 us-west-1 us-west-2
        do
            regions+=("$region" "$region")
        done
        dialog --stdout --backtitle "AWS Region" --menu "Select a default AWS Region" 25 80 20 "${regions[@]}" > "$_TMP"
        selected_region="$(cat "$_TMP")"
    fi
}

_unset_credential () {
    unset AWS_SELECTED_CREDENTIALS AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
    echo "unset AWS_SELECTED_CREDENTIALS AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN"
}

_usage () {
    cat <<EOUSAGE
Usage: $0 [OPTIONS]

Select some cached AWS credentials as environment variables. Useful if you have
a dynamic credential provider for your AWS credentials and need to export the
current values to another application (that may not be able to use your AWS
profile configuration or read its files).

Uses AWS_CREDENTIALS_FILE (~/.aws/credentials) to get cached credentials.

Options:
  -h                This screen
  -u                Unset the environment variables
  -f                Force mode
EOUSAGE
    exit 1
}

declare -a creds=()
declare -A keys=() secrets=() sessions=()

_list_credentials

FORCE=0 UNSET=0
while getopts "fuh" args ; do
    case "$args" in
        h)
                _usage ;;
        f)
                FORCE=1 ;;
        u)
                UNSET=1 ;;
        *)
                echo "$0: Error: invalid args '$args'" ; exit 1 ;;
    esac
done
shift $((OPTIND-1))

if [ "$UNSET" = "1" ] ; then

    _unset_credential

else

    _select_credential

    export AWS_SELECTED_CREDENTIALS="$selected"
    export AWS_ACCESS_KEY_ID="${keys[$selected]}"
    export AWS_SECRET_ACCESS_KEY="${secrets[$selected]}"
    export AWS_SESSION_TOKEN="${sessions[$selected]}"

    echo "export AWS_SELECTED_CREDENTIALS=$selected"
    echo "export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID"
    echo "export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY"
    echo "export AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN"

    _select_region

    if [ -n "${selected_region:-}" ] ; then
        export AWS_DEFAULT_REGION="$selected_region"
        echo "export AWS_DEFAULT_REGION=$selected_region"
    fi

fi