Credential Process
Source Credentials from Weep automatically with Credential Process
AWS SDKs have the ability to source credentials from an external process by specifying a command in your AWS config file. You can read more about this feature in the AWS docs.
Read about AWS configuration settings and precedence for information about precedence of credential sources.
Update your ~/.aws/config
file with information about the profile you want to configure, and the role you want weep to assume. Example:
[profile consoleme_oss_1]
credential_process = weep credential_process arn:aws:iam::012345678901:role/consoleme_oss_1_test_admin
[profile consoleme_oss_2]
credential_process = weep credential_process consoleme_oss_2_test_admin
[profile test_account_user]
credential_process = weep credential_process test_account_user
Then just run your application or AWS CLI command with the appropriate profile:
AWS_PROFILE=test_account_user aws sts get-caller-identity
# you can also use the --profile flag
aws --profile test_account_user sts get-caller-identity
Profiles can also be set in AWS SDKs. For example in boto3
:
import boto3
session = boto3.Session(profile_name="test_account_user")
client = session.client("sts")
print(client.get_caller_identity())
Generating Credential Process Commands
Weep can automatically update your AWS config file with profiles for each of your available roles. These profiles are named with the full ARN of the role.
AWS SDKs appear to be analyzing your ~/.aws/config
file on each API call. This could drastically slow you down if your the file is too large.
# Please read the caveat above before running this command. The size of your ~/.aws/config file may negatively impact
# the rate of your AWS API calls.
weep credential_process --generate
Last updated
Was this helpful?