AWS CLI Tools

A docker image for running AWS CLI commands.

It could be used in two ways:

1. You prefer to use your own version of AWS CLI but need to perform Shibboleth authentication to your account

2. You want to enjoy all available AWS-related tools by opening a bash session inside the container

Usage: CLI for accounts with Shibboleth authentication

You can use this image to access Shibboleth-protected accounts. To create a temporary session, just run shib-auth inside the container:

docker run --rm -it --volume "$HOME/.aws:/root/.aws" bostonuniversity/aws-tools shib-auth

Thanks to the --volume "$HOME/.aws:/root/.aws" piece, the security token generated as the result of this command will be available at ~/.aws/credentials so you'll be able to use AWS CLI commands authenticated as the role you've chosen.

It is suggested to wrap the command above as an alias:

echo "alias awslogin='docker run --rm -it --volume \"$HOME/.aws:/root/.aws\" bostonuniversity/aws-tools shib-auth'" >> ~/.bashrc
# Source the file or re-login to your host

This session will only be available for a few hours but you can alway run that command again to create a new one.

Note that this container will attempt to use Duo 2FA authentication but it's been only tested for the push method (both manual and automated).

You can modify these environment variables to fine-tune for your own case:

You can also put the credentials into a non-default profile by adding the profile name to the end of the command line:

docker run --rm -it --volume "$HOME/.aws:/root/.aws" bostonuniversity/aws-tools shib-auth security

or the following if you made the above alias:

awslogin security

Variable name	Default value
AWS_REGION	us-east-1
AWS_OUTPUT_FORMAT	json
AWS_LOGIN_URL	https://www.bu.edu/awslogin

Usage: Bash Session

Bash

• Open aws-shell with default aws profile:

  docker run --rm -it \
    --volume "$HOME/.aws:/root/.aws" \
    --volume "$(pwd):/code" \
    bostonuniversity/aws-tools

• Open bash with a specific aws profile:

  docker run --rm -it \
    --volume "$HOME/.aws:/root/.aws" \
    --volume "$(pwd):/code" \
    -e AWS_PROFILE=<aws_profile> \
    bostonuniversity/aws-tools /bin/bash

• Persist the the shell history and other things across runs:

  docker run --rm -it \
    --volume aws-tools:/root \
    --volume "$HOME/.aws:/root/.aws" \
    --volume "$(pwd):/code" \
    bostonuniversity/aws-tools /bin/bash

Windows CMD

In Windows, the syntax is a little bit different, for example:

docker run --rm -it ^
--volume %cd%:/code ^
--volume C:\Some\Temporary\Directory:/root/.aws ^
--volume aws-tools:/root ^
bostonuniversity/aws-tools /bin/bash

PowerShell

docker run --rm -it --volume ${PWD}:/code --volume C:\Some\Temporary\Directory:/root/.aws --volume aws-tools:/root bostonuniversity/aws-tools /bin/bash

Includes

AWS

• aws-cli
• aws-shell
• ecs-cli

Other

• bash
• less
• curl
• git
• jq
• groff
• py-pip
• python
• python3
• nodejs
• npm
• chromium

Development

To troubleshoot or add new features to this image, use docker-compose.

The first step is to build the image locally:

docker-compose up --build --force-recreate

Then, execute bash session in the container:

docker-compose exec aws bash

Multi-architecture builds

This assumes that you have enabled multi-archecture builds with buildx. If not then see various sources on how to set that up such as:

https://medium.com/@artur.klauser/building-multi-architecture-docker-images-with-buildx-27d80f7e2408

Once we have a buildx builder we can build and push images to DockerHub by:

$ docker buildx build -t "org/aws-tools:latest" --platform linux/amd64,linux/arm64 --push .