devsecops/assumer-go

Assumer

Assume roles between AWS Control Plane accounts and Target accounts safely and securely.

Installation

CLI

go get -u github.com/devsecops/assumer-go/cmd/assumer

Library

go get -u github.com/devsecops/assumer-go

Usage

CLI

    assumer -h
    assumer -a <target-account-number> -r <target-account-role> -A <control-account-number> -R <control-account-role>

Required Flags

    -A, --control-account   Control Account Number
    -R, --control-role      Control Account Role
    -a, --target-account    Target Account Number
    -r, --target-role       Target Account Role

Optional Flags

    -g, --gui       AWS Console GUI
        --profile   AWS Profile
        --region    AWS Region

Library

    package main

    import (
        "fmt"

        // Import path as written in this README; the install step above
        // fetches github.com/devsecops/assumer-go.
        "github.com/pmbenjamin/assumer"
    )

    func main() {
        // 1. Get MFA token from user
        token := "123456"

        // 2. Construct Control Plane
        controlPlane := &assumer.ControlPlane{
            Plane: assumer.Plane{
                AccountNumber: "123456789012",
                RoleArn:       "arn:aws:iam::123456789012:role/control-role",
                Region:        "us-west-2",
            },
            MfaToken: token,
        }

        // 3. Construct Target Plane
        targetPlane := &assumer.TargetPlane{
            Plane: assumer.Plane{
                AccountNumber: "123123123123",
                RoleArn:       "arn:aws:iam::123123123123:role/target-plane",
            },
        }

        // 4. Assume Control Plane Role
        controlCreds, err := controlPlane.Assume()
        if err != nil {
            fmt.Println(err)
            return // without control plane credentials the second hop cannot proceed
        }

        // 5. Assume Target Plane Role
        targetCreds, err := targetPlane.Assume(controlCreds)
        if err != nil {
            fmt.Println(err)
            return
        }

        // Now you have Target Plane Credentials...
        _ = targetCreds.Credentials.AccessKey
        _ = targetCreds.Credentials.SecretKey
        _ = targetCreds.Credentials.Region
    }

Configuration

Assumer expects the config file to be called assumer and supports multiple configuration formats (e.g. TOML, YAML, & JSON). Assumer expects the configuration file to be located in $HOME/.assumer/config.xyz or in the current working directory. The config file is used if the user assumes role via assumer [target-account-name] or if the user did not pass Control Plane/Target Plane parameters.

Example

    [myControlAccount]
    account = 123456789012
    role = "my/control/iam/role"
    region = "us-west-2"

    [myTarget]

    [myTarget.prod.da]
    account = 123456789012
    region = "us-west-2"
    role = "my/target/iam/role"

    [myTarget.prod.ro]
    account = 123456789012
    region = "us-west-2"
    role = "my/target/iam/role"
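A pre-flight check for the values above, as an added example that is not part of Assumer's own code: it builds each hop's role ARN from a config entry and rejects malformed input before any STS call is made. The `Plane` type, the function names and the role allow-list are assumptions made for this example; the account is kept numeric as in the config, so an ID that begins with 0 is zero-padded back to 12 digits.

```go
package main

import (
	"fmt"
	"regexp"
)

// Plane is a hypothetical type for one config entry (not the library's own).
type Plane struct {
	Account int64  // numeric, as in the config example
	Role    string // role name with optional path
}

var roleRe = regexp.MustCompile(`^([\w+=,.@-]+/)*[\w+=,.@-]{1,64}$`) // conservative allow-list for this example
var mfaRe = regexp.MustCompile(`^[0-9]{6}$`)                         // 6-digit MFA code

// RoleArn validates one entry and builds the ARN passed to sts:AssumeRole.
// %012d restores leading zeros that a numeric config value cannot carry.
func RoleArn(p Plane) (string, error) {
	if p.Account < 1 || p.Account > 999999999999 {
		return "", fmt.Errorf("account %d is not a 12-digit AWS account ID", p.Account)
	}
	if !roleRe.MatchString(p.Role) {
		return "", fmt.Errorf("role %q is not an allowed IAM role name or path", p.Role)
	}
	return fmt.Sprintf("arn:aws:iam::%012d:role/%s", p.Account, p.Role), nil
}

// CheckChain validates the MFA code and both hops before any STS call is made.
func CheckChain(control, target Plane, mfa string) (string, string, error) {
	if !mfaRe.MatchString(mfa) {
		return "", "", fmt.Errorf("MFA token must be exactly 6 digits")
	}
	c, err := RoleArn(control)
	if err != nil {
		return "", "", fmt.Errorf("control plane: %w", err)
	}
	t, err := RoleArn(target)
	if err != nil {
		return "", "", fmt.Errorf("target plane: %w", err)
	}
	return c, t, nil
}

func main() {
	// Constructed sample values; the target ID starts with 0 (012345678901).
	c, t, err := CheckChain(Plane{123456789012, "my/control/iam/role"}, Plane{12345678901, "my/target/iam/role"}, "123456")
	fmt.Println(c, t, err)
}
```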

Upcoming Features

  • Open AWS Console in browser with -g or --gui flag
  • Assume into target accounts with a simple command: assumer <target-account-name>
  • Support different configuration formats (e.g. JSON, YAML)
  • Distribute binary via Homebrew, so users can brew install assumer
