ConsoleMe
GitHub
  • About
  • Architecture
  • Features
    • Credentials
      • AWS Console Login
      • AWS Credential Broker
    • Policy Management
      • Policies View
      • Policy Editor for IAM, SQS, SNS, and S3
      • Self-Service IAM Wizard
      • Policy Request - Review Page
      • Role Creation and Cloning
  • Demo
  • Quick Start
    • Docker
    • Local
  • Prerequisites
    • Required IAM Permissions
      • Central Account
      • Spoke Accounts
  • Configuration
    • Web App Authentication and Authorization
      • Local Development (Auth bypass)
      • ALB Auth (Recommended)
      • Retrieving Google Groups
      • OIDC/OAuth2
        • Cognito
        • Okta
      • SAML
      • Plain-Text Headers
    • Role Credential Authorization
      • Role Tags
        • Role Tagging Service Control Policy (Recommended)
      • Role Authorization through Dynamic Configuration
      • Custom Authorization (Internal Plugin)
    • Account Syncing
    • Metrics
    • Dynamic Configuration
    • AWS Resource Syncing
    • CLI Authentication
    • Sending email through SES
    • AWS Secret Manager Integration
    • CloudTrail Integration via AWS Event Bridge
    • Slack Notifications
  • Celery Tasks
    • Celery Flower
  • Development Guide
    • UI Components
    • Managing Dependencies
  • Deployment Strategies
  • Contributing
  • FAQ
  • License
  • Security
  • Weep CLI
    • Getting Started with Weep
    • AWS Credentials in the CLI using Weep and ConsoleMe
    • Configuration
    • Commands
      • List
      • Serve
      • Export
      • File
      • Credential Process
    • Assuming Roles
    • Advanced Configuration
      • Routing for Metadata Service
      • Shell Completion
Powered by GitBook
On this page

Was this helpful?

  1. Weep CLI

AWS Credentials in the CLI using Weep and ConsoleMe

PreviousGetting Started with WeepNextConfiguration

Last updated 3 years ago

Was this helpful?

Weep is a CLI utility for getting AWS credentials from ConsoleMe, serving them to your AWS CLI or SDKs, and (in many cases) caching and refreshing credentials automatically.

Read about the specifics in our guide.

Weep supports the following operations:

1) Emulate the ECS Credential Provider locally. (This provides a convenient way to get credentials on-demand, without needing networking rules. Each of your shells or IDEs can use a different role. Weep will cache these credentials and refresh them on demand):

2) Emulate the EC2 Instance Metadata Service locally:

4) Export credentials as environment variables

5) Write credentials to your ~/.aws/credentials file

6) Have weep perform nested assume-role calls on your behalf, and serve the assumed role credentials (The video below shows this flow for Weep's ECS credential provider mode. You can do this with most other modes as well):

3) Invoke weep using the . (Note: We've seen this introduce performance issues when you have a large number of roles.)

credential_process flow
Getting Started with Weep