gcreds (pronounced "gee-creds" for generate credentials) is a utility for creation and managment of IAM temporary access credentials using Amazon's Security Token Service (STS). Temporary credentials are used to access AWS resources when assuming a role identity.
For more information on the above terms and functions, see an explanation of IAM roles in the Amazon Web Services documentation.
Version: 2.4.6
--
gcreds requests temporary credentials from Amazon's Security Token Service (STS) for roles that normally require multi-factor credentials in order to authenticate.
A primary use case for gcreds is generating a temporary set of AWS access credentials for programmatic use by automation tools running on your local machine.
gcreds manages temporary credentials it generates to prevent corruption of your local awscli config. When generating new temporary credentials, gcreds will automatically clear expired credentials from your local awscli config to block the presence of duplicate sets of credentials.
--
gcreds requires the following:
- Python version 3.6+
- Installation Amazon CLI tools (awscli, see Installation section)
- jq, a json parser generally available from your distribution repo
- bash (4.x)
- Standard linux utilities:
- grep
- awk
- sed
- cat
- hostname
--
To display the gcreds help menu:
$ gcreds --help
--
GNU Make Targets. Type the following to display the available make targets from the root of the project:
$ make help
--
Configure gcreds runtime options by entering the configuration menu:
$ gcreds --configure
--
If the same IAM user will be utilised to generate role credentials, set the default gcreds IAM user here to avoid entering "--profile " every time gcreds is called to generate credentials for your local awscli configuration:
--
Choose a default color scheme for gcreds accent highlighting via the next menu:
--
--
The easiest way to install gcreds on debian-based Linux distributions is via the debian-tools package repository:
-
Open a command line terminal.
-
Download and install the repository definition file
$ sudo apt install wget$ wget http://awscloud.center/deb/debian-tools.list
$ sudo chown 0:0 debian-tools.list && sudo mv debian-tools.list /etc/apt/sources.list.d/ -
Install the package repository public key on your local machine
$ wget -qO - http://awscloud.center/keys/public.key | sudo apt-key add -
-
Update the local package repository cache
$ sudo apt update -
Install gcreds os package
$ sudo apt install gcredsAnswer "y":
-
Verify Installation
$ apt show gcreds
The easiest way to install gcreds on redhat-based Linux distributions is via the developer-tools package repository:
-
Open a command line terminal.
-
Install the official epel package repository
$ sudo yum install epel-release -
Download and install the repo definition file
$ sudo yum install wget
$ wget http://awscloud.center/rpm/developer-tools.repo
$ sudo chown 0:0 developer-tools.repo && sudo mv developer-tools.repo /etc/yum.repos.d/
-
Delete the local repository cache, then Update the cache with new package references
$ sudo rm -fr /var/cache/yum $ sudo yum update -y -
Install the gcreds os package
$ sudo yum install gcreds
Answer "y":
-
Verify Installation
$ yum info gcreds
Redhat Package Manager (RPM) format used by Amazon Linux under development. Check amzn2.awscloud.center page for updates.
--
$ gcreds --profile <iam_user> --accounts list.accounts --refresh-hours 4
$ less ./aws/credentials
Coloration courtesy of source-highlight.
$ cat /var/log/gcreds.log
$ gcreds --profile <iam_user> --accounts list.accounts --refresh-hours 4
Runtime statistics displayed while authenitcation is active. Alternatively, the command below displays same information anytime.
$ gcreds --show
$ gcreds --help
All works contained herein copyrighted via below author unless work is explicitly noted by an alternate author.
- Copyright Blake Huber, All Rights Reserved.
- Software contained in this repo is licensed under the license agreement. You may display the license and copyright information by issuing the following command:
$ gcreds --version
Code is provided "as is". No liability is assumed by either the code's originating author nor this repo's owner for their use at AWS or any other facility. Furthermore, running function code at AWS may incur monetary charges; in some cases, charges may be substantial. Charges are the sole responsibility of the account holder executing code obtained from this library.
Additional terms may be found in the complete license agreement.