Support static API creds #240

synfinatic opened this issue Jan 7, 2022 · 2 comments

@synfinatic
Owner

synfinatic commented Jan 7, 2022

Basically do what aws-vault does, since people often have non-SSO roles they need to access.

So we need:

  1. Way to import the config/credentials file
  2. Way to manually add and delete new keys/roles
  3. Add & manage records to cache?
  4. Ideally get temporary tokens so if they are compromised you aren't very sad.
  5. Use creds to auto-discover Account level tags
  6. Need to be able to list roles
  7. Automate key rotation
  8. MFA support

Why this feature?

  • Because orgs need to migrate to AWS SSO and this doesn't happen overnight.
  • Some people access accounts across multiple orgs and SSO isn't viable in that case.
  • Others???
@synfinatic synfinatic added the enhancement New feature or request label Jan 7, 2022
@synfinatic synfinatic added this to the 1.8.0 milestone Jan 7, 2022
@synfinatic
Owner Author

When not using SSO, need to support MFA: https://github.com/99designs/aws-vault/blob/master/USAGE.md#using-credential_process

@synfinatic
Owner Author

synfinatic commented Jan 22, 2022

UX:

Phase 0:

  • Research MFA support? TL;DR: Use for AssumeRole/GetSessionToken calls. (Not even sure this is necessary really???)
  • Need to think harder on UX and map it out. What are the workflows I wish to enable?

Phase 1:

  • list -- list static roles as well as SSO
  • static import -- import from config/credentials file.
  • Should work with exec, console and eval

Phase 2+:

  • static add -- add new static role creds
  • static del -- delete static role creds
  • write ~/.aws/config and generate profiles
  • Import metadata for Tags + a Type tag for static vs sso
    • Should include tags on our IAM user (iam:ListUserTags)
  • Automate key rotation
  • Support temporary session tokens (without MFA)
  • Custom tags support
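
An added example (not from this issue or the project's code) of the triage step behind `static import`: parse the text of a credentials file, skip incomplete profiles, and mark which profiles hold long-lived keys, the ones the temporary-token and key-rotation items are aimed at. `StaticCred`, `ParseCredentials` and all sample values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// StaticCred and ParseCredentials are hypothetical names for this added example.
type StaticCred struct {
	Profile, KeyID string
	LongLived      bool // no aws_session_token: a permanent key pair worth rotating
}

// sample is constructed input; every value is a placeholder, not a real credential.
const sample = `[default]
aws_access_key_id = AKIAEXAMPLEKEYID0001
aws_secret_access_key = placeholder-secret
[ci-temp]
aws_access_key_id = ASIAEXAMPLEKEYID0002
aws_secret_access_key = placeholder-secret
aws_session_token = placeholder-token
[broken]
aws_access_key_id = AKIAEXAMPLEKEYID0003`

// ParseCredentials returns complete profiles plus the names skipped as incomplete.
func ParseCredentials(text string) (creds []StaticCred, skipped []string) {
	name, f := "", map[string]string{}
	flush := func() { // classify the profile collected so far
		id, secret := f["aws_access_key_id"], f["aws_secret_access_key"]
		if name != "" && (id == "" || secret == "") {
			skipped = append(skipped, name)
		} else if name != "" {
			creds = append(creds, StaticCred{name, id, f["aws_session_token"] == ""})
		}
	}
	for _, line := range strings.Split(text, "\n") {
		line = strings.TrimSpace(line)
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			flush()
			name, f = strings.TrimSpace(line[1:len(line)-1]), map[string]string{}
		} else if k, v, ok := strings.Cut(line, "="); ok && name != "" && line[0] != '#' && line[0] != ';' {
			f[strings.ToLower(strings.TrimSpace(k))] = strings.TrimSpace(v)
		}
	}
	flush()
	return creds, skipped
}

func main() { fmt.Println(ParseCredentials(sample)) } // key IDs only, never secrets
```

The returned records deliberately carry the key ID but not the secret, so the triage result can be listed or logged without exposing key material.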

@synfinatic synfinatic modified the milestones: 1.7.2, 1.8.0 Jan 28, 2022
@synfinatic synfinatic changed the title Support importing static API creds Support static API creds Feb 12, 2022
synfinatic added a commit that referenced this issue Apr 27, 2022
* Update golangci-lint to latest version
* Add awsconfig module
* Add basic add/delete/list commands for managing static AWS
    API creds.
* Update secure store to support static creds
* Better detect invalid AWS AccountIDs

Refs: #240
@synfinatic synfinatic modified the milestones: 1.8.0, Next Release, 1.9.0 Apr 29, 2022
@synfinatic synfinatic removed this from the 1.9.5 milestone Nov 13, 2022