Class: AwsMfaSecure::Exports

Inherits:

Base

• Object
• Base
• AwsMfaSecure::Exports

Defined in:

lib/aws_mfa_secure/exports.rb

Instance Method Summary

• #initialize(options = {}) ⇒ Exports constructor

  A new instance of Exports.

• #run ⇒ Object
• #script(creds) ⇒ Object

Methods inherited from Base

#aws_cli_installed?, #aws_cli_setup?, #aws_config, #aws_mfa_env_set?, #aws_profile, #credentials, #fetch_creds?, #get_session_token, #good_session_creds?, #iam_mfa?, #mfa_prompt, #mfa_serial, #save_creds, #session_creds_path, #shell_get_session_token, #sts

Constructor Details

#initialize(options = {}) ⇒ Exports

Returns a new instance of Exports.

# File 'lib/aws_mfa_secure/exports.rb', line 3

def initialize(options={})
  @options = options
  @aws_profile = aws_profile
end

Instance Method Details

#run ⇒ Object

# File 'lib/aws_mfa_secure/exports.rb', line 8

def run
  # Allow use `aws-mfa-secure exports --no-mfa`
  # This bypasses the check for mfa_serial being configured in the ~/.aws/credentials profile
  # Useful if we want to grab temporary AWS_xxx credentials for testing.
  if @options[:mfa] == false
    resp = sts.get_session_token
    puts script(resp.credentials)
    return
  end

  unless iam_mfa?
    $stderr.puts "WARN: mfa_serial is not configured for this AWS_PROFILE=#{@aws_profile}"
    $stderr.puts "If you want to use exports without this mfa_serial check. Use the --no-mfa option."
    return
  end

  if fetch_creds?
    resp = get_session_token
    save_creds(resp.credentials.to_h)
  end

  puts script(credentials)
end

#script(creds) ⇒ Object

# File 'lib/aws_mfa_secure/exports.rb', line 32

def script(creds)
  <<~EOL
    export AWS_ACCESS_KEY_ID=#{creds["access_key_id"]}
    export AWS_SECRET_ACCESS_KEY=#{creds["secret_access_key"]}
    export AWS_SESSION_TOKEN=#{creds["session_token"]}
  EOL
end