-
Notifications
You must be signed in to change notification settings - Fork 17
/
aws-export-profile
executable file
·196 lines (170 loc) · 5.07 KB
/
aws-export-profile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
#!/usr/bin/env bash
# Be strict
set -e
set -u
set -o pipefail
unset_environment() {
echo "unset AWS_ACCESS_KEY_ID"
echo "unset AWS_ACCESS_KEY"
echo "unset AWS_SECRET_ACCESS_KEY"
echo "unset AWS_SECRET_KEY"
echo "unset AWS_SESSION_TOKEN"
echo "unset AWS_DELEGATION_TOKEN"
echo "unset AWS_SECURITY_TOKEN"
echo "unset AWS_REGION"
}
# Display usage
if [ "${#}" -gt "0" ]; then
case "${1}" in
-u|--unset)
unset_environment
exit 0
;;
-v|--version)
cat << EOF
aws-export-profile v0.4
EOF
exit 0
;;
-h|--help)
cat << EOF
Usage: aws-export-profile [profile] [credentials] [config]
aws-export-profile --unset, -u
aws-export-profile --help, -h
aws-export-profile --version, -v
This bash helper will output AWS export statements of your chosen aws boto profile.
Wrap this script in \$(aws-export-profile) to export those environment variables.
Optional parameter:
[profile] Boto profile name to export. Default is 'default'
[credentials] Path to your aws credentials file.
Default is ~/.aws/credentials
[config] Path to your aws config file.
If no config file is found, AWS_REGION export will not be available.
Default is ~/.aws/config
Arguments:
--unset, -u Unset currently set AWS variables from env
--help, -h Show this help screen
--version, -v Show version
Available exports:
AWS_ACCESS_KEY_ID
AWS_ACCESS_KEY
AWS_SECRET_ACCESS_KEY
AWS_SECRET_KEY
AWS_SESSION_TOKEN
AWS_DELEGATION_TOKEN
AWS_SECURITY_TOKEN
AWS_REGION
Examples to show output:
aws-export-profile testing
aws-export-profile production /jenkins/aws/credentials /jenkins/aws/config
Examples to export:
\$(aws-export-profile testing)
\$(aws-export-profile production /jenkins/aws/credentials /jenkins/aws/config)
Examples to unset all AWS variables
\$(aws-export-profile -u)
MIT License
Copyright (c) 2018 cytopia
EOF
exit 0
;;
*)
esac
fi
# Input parameter
PROFILE="${1:-default}"
CREDENTIALS="${2:-${HOME}/.aws/credentials}"
CONFIG="${3:-${HOME}/.aws/config}"
# Available values in credentials file
aws_access_key_id=
aws_secret_access_key=
aws_session_token=
aws_security_token=
# Available values in config file
aws_region=
# Test if credentials file is found, otherwise abort
if [ ! -f "${CREDENTIALS}" ]; then
printf "Error, credentials file does not exist: %s\n" "${CREDENTIALS}"
exit 1
fi
# Test if config file is found, otherwise no export of region is available
if [ ! -f "${CONFIG}" ]; then
printf "Warning, config file does not exist: %s\n" "${CONFIG}" >&2
printf "Region will not be exported.\n" >&2
fi
# Trim whitespace
trim() {
local line="${1}"
line="${line#"${line%%[![:space:]]*}"}"
line="${line%"${line##*[![:space:]]}"}"
echo "${line}"
}
# Extract value from string (Format: NAME = VALUE)
get_val() {
local line="${1}"
echo "${line##*=*[[:space:]]}"
}
# Read region
if [ -f "${CONFIG}" ]; then
section=
while read -r line; do
# Get section we are currently in
if [[ "${line}" =~ ^[[:space:]]*\[profile[[:space:]]+[-_.a-zA-Z0-9]+\][[:space:]]*$ ]]; then
section="${line%]}"
section="${section#[profile}"
section="$( trim "${section}" )"
fi
# Extract available aws export values
if [ "${section}" = "${PROFILE}" ]; then
if [[ "${line}" =~ ^[[:space:]]*region[[:space:]]*=.*$ ]]; then
aws_region="$( get_val "${line}" )"
fi
fi
done < "${CONFIG}"
fi
# Read credentials
section=
while read -r line; do
# Get section we are currently in
if [[ "${line}" =~ ^[[:space:]]*\[[-_.a-zA-Z0-9]+\][[:space:]]*$ ]]; then
section="${line%]}"
section="${section#[}"
fi
# Extract available aws export values
if [ "${section}" = "${PROFILE}" ]; then
if [[ "${line}" =~ ^[[:space:]]*aws_access_key_id[[:space:]]*=.*$ ]]; then
aws_access_key_id="$( get_val "${line}" )"
fi
if [[ "${line}" =~ ^[[:space:]]*aws_secret_access_key[[:space:]]*=.*$ ]]; then
aws_secret_access_key="$( get_val "${line}" )"
fi
if [[ "${line}" =~ ^[[:space:]]*aws_session_token[[:space:]]*=.*$ ]]; then
aws_session_token="$( get_val "${line}" )"
fi
if [[ "${line}" =~ ^[[:space:]]*aws_security_token[[:space:]]*=.*$ ]]; then
aws_security_token="$( get_val "${line}" )"
fi
fi
done < "${CREDENTIALS}"
# Output exports
if [ -n "${aws_access_key_id}" ]; then
echo "export AWS_ACCESS_KEY_ID=${aws_access_key_id}"
echo "export AWS_ACCESS_KEY=${aws_access_key_id}"
fi
if [ -n "${aws_secret_access_key}" ]; then
echo "export AWS_SECRET_ACCESS_KEY=${aws_secret_access_key}"
echo "export AWS_SECRET_KEY=${aws_secret_access_key}"
fi
if [ -n "${aws_session_token}" ]; then
echo "export AWS_SESSION_TOKEN=${aws_session_token}"
echo "export AWS_DELEGATION_TOKEN=${aws_session_token}"
fi
if [ -n "${aws_security_token}" ]; then
echo "export AWS_SECURITY_TOKEN=${aws_security_token}"
# Set DELEGATION_TOKEN only if it wasn't set via session token
if [ -z "${aws_session_token}" ]; then
echo "export AWS_DELEGATION_TOKEN=${aws_security_token}"
fi
fi
if [ -n "${aws_region}" ]; then
echo "export AWS_REGION=${aws_region}"
fi