AWS Credentials in the CLI using Weep and ConsoleMe

Weep is a CLI utility for getting AWS credentials from ConsoleMe, serving them to your AWS CLI or SDKs, and (in many cases) caching and refreshing credentials automatically.

Read about the specifics in our Getting Started with Weep guide.

Weep supports the following operations:

1) Emulate the ECS Credential Provider locally. (This provides a convenient way to get credentials on-demand, without needing networking rules. Each of your shells or IDEs can use a different role. Weep will cache these credentials and refresh them on demand):

2) Emulate the EC2 Instance Metadata Service locally:

3) Invoke weep using the credential_process flow. (Note: We've seen this introduce performance issues when you have a large number of roles.)

4) Export credentials as environment variables

5) Write credentials to your ~/.aws/credentials file

6) Have weep perform nested assume-role calls on your behalf, and serve the assumed role credentials (The video below shows this flow for Weep's ECS credential provider mode. You can do this with most other modes as well):