aws-creds: Introducing AWS Credential Picker

Identity and Access Management within AWS is EASY. So easy, in fact, most people don’t think about architecture of their accounts or how they will manage permissions until it’s too late. I’ve been there, and I’ve done that. One of the painful things about working in an enterprise that has done the quick-and-dirty with account creation and IAM configuration is managing all your logins. This gets even worse when you being automating and using your Access Keys. aws-creds is all about making this process a bit easier.

Normally, in a well-architected environment you will use a mixture of AWS SSO or some kind of federated credential systems and you wil use role delegation to provide access to your users. But what if you don’t have any of this available and you have a lot of accounts? Enter aws-creds (GitHub). aws-creds is designed to make managing multiple, disconnected accounts easy. Instead of updating profiles in your ~/.aws/credentials file, you have a command line tool that saves all of your profiles in a custom json file.

How does it work?

The AWS Credential Picker is quite simple in it’s design. Instead of storing details in the credentials file – which can prove difficult to use with lots of profiles – we store them in a custom JSON file. When you login, you’re actually doing is creating the credentials and the config file in ~/.aws. When you logout, these files are being deleted.

The reason this was created is that some AWS Utilities and 3rd Party Tools REALLY do not like it if you have multiple profiles and do not treat environment variables correctly. By always having a single credential set, utilities will ALWAYS work.

This script also provides an update on how old your Access Key is and advises you when to rotate them.

Getting started

Getting started with aws-creds is easy. I’ve packed it as a PyPi package and it is available using pip. To install aws-creds, just run the following command:

python3 -m pip install aws-creds

To ensure it has installed successfully, run the following command:

aws-creds version

If a version string is returned, you’re good to go!

Would you like to know more?

Check out the GitHub Repository and the PyPi Package. If you find any bugs or feature requests, let me know in the GitHub Issues. Thanks for reading, and see you for the next article. If you want some AWS-related articles, see my article on getting Terraform Up and Running.

Leave a Reply

Your email address will not be published. Required fields are marked *