def set_account(environment): """set_credentials(environment) - sets credentials for given environment/account. """ for i in boto.config.items(environment): boto.config.set('Credentials', i[0], i[1])
So if your profile is called 'prod':
import boto set_account('prod') conn = boto.connect_ec2()
Another program having issues with many AWS accounts is Ansible. (However, authors claims it's a feature not a bug). My first approach was to add the above function in the ec2.py inventory script and further extended it by adding following lines:
- to the __init__ method of the Ec2Inventory class:
set_credentials(self.args.environment)
- and to the parse_cli function:
parser.add_argument('-e', '--environment', type=str, required=True, help="select an environment/profile to run.")
#!/bin/sh cd $(dirname $0) ./ec2.py -e prod --refresh-cache
If you need to know why the wrapper is needed check the Ansible inventory code.
Such approach is not ideal if you have many account to work with, you will need a wrapper for each one. What worse, it doesn't work with unified AWS config approach and require to keep a unique version of the inventory script. Therefore, I tried to find a better resolution. I could not find anything interesting and decided to write a small shell script to read ~/.aws/credentials and exports AWS keys for selected profile. The script is a simple wrapper around a bit complicated awk command. To use it you have to source, not execute, it, because the script should execute in a current shell.
#!/bin/bash TMP_FILE=/tmp/current_aws awk \ 'BEGIN{a=0};\ /\['$1'\]/ {a=1};\ /access_key_id/ {if (a==1){printf "export %s=%s\n", toupper($1), $3}};\ /secret_access_key/ {if (a==1) {printf "export %s=%s\n", toupper($1), $3;a=0}}'\ ~/.aws/credentials > $TMP_FILE source $TMP_FILE rm $TMP_FILE
The script ensure that:
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
Links:
- http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
- http://blogs.aws.amazon.com/security/post/Tx3D6U6WSFGOK2H/A-New-and-Standardized-Way-to-Manage-Credentials-in-the-AWS-SDKs
- http://boto.readthedocs.org/en/latest/
- http://www.ansible.com/home
- http://docs.ansible.com/intro_dynamic_inventory.html
No comments:
Post a Comment