Parses profile settings from AWS CLI configuration files.

brunze/aws_cli_config_parser

AWS CLI Configuration Parser

This Ruby gem parses profile settings and secrets from AWS CLI configuration files, including the temporary credentials the CLI caches when using IAM roles. This is often useful with CLI profiles that assume roles requiring an MFA code. After you authenticate successfully with an MFA code, temporary session credentials are cached in your ~/.aws folder. You'll often need to pass these temporary credentials to other tools such as Docker containers. This gem parses the files in your ~/.aws folder and merges all the information, allowing you to retrieve any credential or setting.

Installation

Add this line to your application's Gemfile:

gem 'aws_cli_config_parser'

And then execute:

$ bundle install

Or install it yourself as:

$ gem install aws_cli_config_parser

Usage

With a file tree like this:

~/.aws/
├── cli
│   └── cache
│       └── 1a2b3c4d5etc.json
├── config
└── credentials

~/.aws/config

[default]
region = eu-west-1

[profile admin]
role_arn = arn:aws:iam::222200002222:role/SomeRole
source_profile = default
role_session_name = session_name
region = eu-central-1

~/.aws/credentials

[default]
aws_access_key_id = ASIA1111000011110000
aws_secret_access_key = SECRET1111000011110000111100001111000011

~/.aws/cli/cache/1a2b3c4d5etc.json

{
  "Credentials": {
    "AccessKeyId": "ASIA2222000022220000",
    "SecretAccessKey": "SECRET2222000022220000222200002222000022",
    "SessionToken": "SESSIONTOKEN222200002222000022220000222200002222000022220000etc",
    "Expiration": "<some timestamp in the future>"
  },
  "AssumedRoleUser": {
    "AssumedRoleId": "ARLID2222000022220000:session_name",
    "Arn": "arn:aws:sts::222200002222:assumed-role/SomeRole/session_name"
  },
  ...
}

You can obtain any individual configuration value like this:

profiles = AwsCliConfigParser.parse
# => #<AwsCliConfigParser::Profiles:0x000055b0526261e8>

default = profiles.get('default')
# => #<AwsCliConfigParser::Profile:0x000055b052654ea8>

default.get('region')
# => "eu-west-1"
default.get('aws_access_key_id')
# => "ASIA1111000011110000"
default.get('aws_secret_access_key')
# => "SECRET1111000011110000111100001111000011"

admin = profiles.get('admin')
# => #<AwsCliConfigParser::Profile:0x000055b052644b98>

admin.get('region')
# => "eu-central-1"
admin.get('role_arn')
# => "arn:aws:iam::222200002222:role/SomeRole"
admin.get('aws_access_key_id')
# => "ASIA2222000022220000"
admin.get('aws_secret_access_key')
# => "SECRET2222000022220000222200002222000022"
admin.get('aws_session_token')
# => "SESSIONTOKEN222200002222000022220000222200002222000022220000etc"

Or if you prefer using hashes:

AwsCliConfigParser.parse.to_h == {
  'default' => {
    'region'                => 'eu-west-1',
    'aws_access_key_id'     => 'ASIA1111000011110000',
    'aws_secret_access_key' => 'SECRET1111000011110000111100001111000011'
  },
  'admin' => {
    'region'                => 'eu-central-1',
    'role_arn'              => 'arn:aws:iam::222200002222:role/SomeRole',
    'source_profile'        => 'default',
    'role_session_name'     => 'session_name',
    'aws_access_key_id'     => 'ASIA2222000022220000',
    'aws_secret_access_key' => 'SECRET2222000022220000222200002222000022',
    'aws_session_token'     => 'SESSIONTOKEN222200002222000022220000222200002222000022220000etc',
  }
}
# => true

If your AWS CLI configuration directory is somewhere other than the default, you can tell the parser where to look for it:

AwsCliConfigParser.parse(aws_directory: '/somewhere/else/.my-aws-folder')
# => ...
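
The merge shown above can be sketched in plain Ruby. This is an added example, not the gem's own code: `parse_ini`, `merged_profiles` and `cache_doc` are hypothetical names, and both the rule for matching a cache file to a profile and the expiry check are assumptions, since this page does not describe how the gem does either.

```ruby
require 'json'
require 'time'

# Parse AWS-style INI text into { profile => { key => value } }.
def parse_ini(text)
  current = nil
  text.each_line.with_object(Hash.new { |h, k| h[k] = {} }) do |line, out|
    case line.strip
    when /\A\[(?:profile\s+)?(.+)\]\z/ then current = $1
    when /\A([^#;=\s]+)\s*=\s*(.*)\z/ then out[current][$1] = $2 if current
    end
  end
end

# Overlay unexpired cached role-session credentials onto role profiles.
def merged_profiles(config, credentials, cache_docs, now: Time.now)
  profiles = parse_ini(config)
  parse_ini(credentials).each { |name, kv| profiles[name].merge!(kv) }
  sessions = cache_docs.map { |doc| JSON.parse(doc) }
  profiles.each_value do |prof|
    next unless prof['role_arn'] && prof['role_session_name']
    # Assumption: match on the ARN built from role_arn + role_session_name.
    arn = prof['role_arn'].sub(':iam:', ':sts:').sub(':role/', ':assumed-role/')
    hit = sessions.find do |s|
      s.dig('AssumedRoleUser', 'Arn') == "#{arn}/#{prof['role_session_name']}" &&
        Time.parse(s.dig('Credentials', 'Expiration')) > now
    end
    next unless hit
    prof.update('aws_access_key_id' => hit['Credentials']['AccessKeyId'],
                'aws_secret_access_key' => hit['Credentials']['SecretAccessKey'],
                'aws_session_token' => hit['Credentials']['SessionToken'])
  end
  profiles
end

# Constructed sample input mirroring the files shown above (all values fake).
CONFIG = "[default]\nregion = eu-west-1\n[profile admin]\nregion = eu-central-1\n" \
         "role_arn = arn:aws:iam::222200002222:role/SomeRole\nrole_session_name = session_name\n"
CREDENTIALS = "[default]\naws_access_key_id = ASIA1111000011110000\n" \
              "aws_secret_access_key = SECRET1111000011110000111100001111000011\n"
def cache_doc(expiration)
  JSON.generate({
    'Credentials' => { 'AccessKeyId' => 'ASIA2222000022220000', 'Expiration' => expiration,
                       'SecretAccessKey' => 'SECRET2222000022220000222200002222000022',
                       'SessionToken' => 'SESSIONTOKEN222200002222000022220000222200002222000022220000etc' },
    'AssumedRoleUser' => { 'Arn' => 'arn:aws:sts::222200002222:assumed-role/SomeRole/session_name' }
  })
end
puts merged_profiles(CONFIG, CREDENTIALS, [cache_doc('2099-01-01T00:00:00Z')])['admin'].keys.sort.inspect
```

In this sketch, a cache entry whose Expiration has passed is skipped, so the profile comes back without session keys rather than with stale ones.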

CLI frontend

This gem includes a limited CLI frontend. You can obtain a configuration value like this:

aws_cli_config_parser --profile admin --key aws_access_key_id
# ASIA2222000022220000
aws_cli_config_parser -p admin -k aws_access_key_id
# ASIA2222000022220000

You can optionally define a fallback value to be returned in case the specified profile does not exist or the configuration parameter is not defined:

aws_cli_config_parser --profile bogus --key aws_access_key_id --fallback OOOPS
# OOOPS
aws_cli_config_parser -p bogus -k aws_access_key_id -f OOOPS
# OOOPS

You can also specify a custom directory where the command will look for your AWS CLI configuration files:

aws_cli_config_parser --profile someone --key aws_access_key_id --directory /somewhere/else/.my-aws-folder
# ASIA................
aws_cli_config_parser -p someone -k aws_access_key_id -d /somewhere/else/.my-aws-folder
# ASIA................

License

The gem is available as open source under the terms of the MIT License.
