78 lines
2.3 KiB
Fish
78 lines
2.3 KiB
Fish
# AWS Credential Management for FiSH
|
|
|
|
# TODO change your user
|
|
set AWS_IAM_USER ""
|
|
|
|
# TODO setup your aws-mfa credential keys in the credentials file
|
|
# TODO replace "PLACE_YOUR_ROLE_HERE" with the actual role you want to assume.
|
|
|
|
# AWS Account details
|
|
set DEV_ACCOUNT_ID ""
|
|
set STG_ACCOUNT_ID ""
|
|
set PROD_ACCOUNT_ID ""
|
|
set OPS_ACCOUNT_ID ""
|
|
|
|
# Update if different regions are used in your setup
|
|
export AWS_REGION=eu-west-1
|
|
export AWS_DEFAULT_REGION=eu-west-1
|
|
|
|
|
|
function envAWS --description 'switch to different aws account environments (-) with MFA'
|
|
if test (count $argv) -lt 1
|
|
echo "Provide an AWS Environment: dev, staging, prod, ops"
|
|
return
|
|
end
|
|
|
|
switch $argv[1]
|
|
case dev
|
|
echo "switching to /refreshing dev"
|
|
aws-mfa --assume-role arn:aws:iam::$DEV_ACCOUNT_ID:role/PLACE_YOUR_ROLE_HERE --duration 43200 --role-session-name "$AWS_IAM_USER"
|
|
getAWSenv
|
|
case stg
|
|
echo "switching to /refreshing staging"
|
|
aws-mfa --assume-role arn:aws:iam::$STG_ACCOUNT_ID:role/PLACE_YOUR_ROLE_HERE --duration 43200 --role-session-name "$AWS_IAM_USER"
|
|
getAWSenv
|
|
case prod
|
|
echo "switching to /refreshing prod"
|
|
aws-mfa --assume-role arn:aws:iam::$PROD_ACCOUNT_ID:role/PLACE_YOUR_ROLE_HERE --duration 3600 --role-session-name "$AWS_IAM_USER"
|
|
getAWSenv
|
|
case ops
|
|
echo "switching to /refreshing ops"
|
|
aws-mfa --assume-role arn:aws:iam::$OPS_ACCOUNT_ID:role/PLACE_YOUR_ROLE_HERE --duration 3600 --role-session-name "$AWS_IAM_USER"
|
|
getAWSenv
|
|
case '*'
|
|
echo "Wrong / Invalid Environment provided"
|
|
return 1
|
|
end
|
|
end
|
|
|
|
function getAWSenv --description 'verify and set environment'
|
|
set aws_account_id (aws sts get-caller-identity | jq -r '.Account')
|
|
|
|
if not test -n "$aws_account_id"
|
|
echo "aws sts could not get identify. Are you logged in ?"
|
|
set -ge env # clear env
|
|
return 1
|
|
end
|
|
if [ $aws_account_id = $DEV_ACCOUNT_ID ]
|
|
set -g env dev
|
|
else if [ $aws_account_id = $STG_ACCOUNT_ID ]
|
|
set -g env stg
|
|
else if [ $aws_account_id = $PROD_ACCOUNT_ID ]
|
|
set -g env prod
|
|
else if [ $aws_account_id = $OPS_ACCOUNT_ID ]
|
|
set -g env ops
|
|
else
|
|
set -ge env
|
|
return 1
|
|
end
|
|
end
|
|
|
|
function getSecretAWS --description 'get & decrypt secrets from ssm parameter store via cli command if permissions are granted'
|
|
if test (count $argv) -lt 1
|
|
echo "Provide a Path to the Secret"
|
|
return
|
|
end
|
|
|
|
aws ssm get-parameter --name "$argv[1]" --with-decryption | jq .Parameter.Value -r
|
|
end |