Class: AwsSession

Inherits:
Object
  • Object
Defined in:
lib/awssession.rb,
lib/awssession/version.rb

Overview

AWS session creation with a profile. Structure of options:

'name' => <name>,
'region' => <region>,
'role_arn' => <role_arn>,
'aws_access_key_id' => <aws_access_key_id>,
'aws_secret_access_key' => <aws_secret_access_key>,
'mfa_serial' => <mfa_serial>

Can be fetched with AWSConfig from .aws/config, if present.

Constant Summary

VERSION =
'0.3.0'.freeze

Instance Method Summary

Constructor Details

#initialize(options) ⇒ AwsSession

Returns a new instance of AwsSession.



# File 'lib/awssession.rb', line 22

# Stores the profile and the session-cache settings. No AWS call is made here.
#
# Any key that is missing (or nil/false) takes its default:
#   :profile           - profile object, stored as given; other methods read name, role_arn,
#                        aws_access_key_id, aws_secret_access_key and mfa_serial from it
#   :sts_lifetime      - seconds requested for the STS session (default 129_600, i.e. 36 hours)
#   :sts_filename      - cache file suffix for the STS session
#   :role_lifetime     - seconds requested for the assumed role (default 3_600, i.e. 1 hour)
#   :role_filename     - cache file suffix for the role session
#   :session_save_path - directory for the cache files (default ~/.aws/cache); save_session
#                        writes the serialized sessions, credentials included, into it
#   :debug             - values above 0 enable status messages on stdout
#
# @param options [Hash] settings keyed by symbol
def initialize(options)
  @profile = options[:profile]
  {
    sts_lifetime: 129_600,
    sts_filename: 'aws-sts-session.yaml',
    role_lifetime: 3_600,
    role_filename: 'aws-role-session.yaml'
  }.each do |key, fallback|
    instance_variable_set(:"@#{key}", options[key] || fallback)
  end
  # Dir.home is only consulted when no explicit path was given.
  @session_save_path = options[:session_save_path] || "#{Dir.home}/.aws/cache"
  @debug = options[:debug] || 0
end

Instance Method Details

#assume_role ⇒ Object



# File 'lib/awssession.rb', line 97

# Calls STS AssumeRole for the profile's role_arn, authenticating with the temporary
# credentials held in @sts_session, and keeps the response in @role_session.
#
# The session name is "<USER>-<UTC timestamp>" with '-' and ':' in the timestamp replaced by '_'.
# NOTE(review): USER comes from the caller's environment, so the name is a convenience label
# and not an identity a log reviewer can rely on; it is empty when USER is unset.
#
# @return [Object] the AssumeRole response, also stored in @role_session
def assume_role
  temporary = @sts_session.credentials
  sts_client = Aws::STS::Client.new(
    access_key_id: temporary.access_key_id,
    secret_access_key: temporary.secret_access_key,
    session_token: temporary.session_token
  )
  # An ISO 8601 timestamp always contains '-' and ':', so tr always has something to replace.
  stamp = Time.now.utc.iso8601.tr('-:', '_')
  @role_session = sts_client.assume_role(
    duration_seconds: @role_lifetime,
    role_arn: @profile.role_arn,
    role_session_name: "#{ENV['USER']}-#{stamp}"
  )
end

#create_session ⇒ Object



# File 'lib/awssession.rb', line 67

# Obtains whichever sessions are still missing and caches each new one on disk.
#
# With neither a role session nor an STS session in memory, the MFA code is requested,
# an STS session is fetched and saved under @sts_filename. A role session is then
# assumed and saved under @role_filename unless one is already present.
#
# @return [Object, nil] nil when a role session already exists, otherwise whatever
#   save_session returns
def create_session
  if [@role_session, @sts_session].all?(&:nil?)
    read_token_input
    sts_session_token
    save_session @sts_filename, @sts_session
  end

  # A role session restored from the cache is reused as is.
  if @role_session.nil?
    assume_role
    save_session @role_filename, @role_session
  end
end

#credentials ⇒ Object



# File 'lib/awssession.rb', line 115

# Builds an Aws::Credentials object from the values session_credentials returns
# (access key id, secret access key, session token of the role session).
#
# NOTE(review): session_credentials reads @role_session, so this presumably has to be
# called after a role session was loaded or created — confirm against callers.
#
# @return [Aws::Credentials]
def credentials
  role_keys = session_credentials
  Aws::Credentials.new(*role_keys)
end

#load_role_session ⇒ Object



# File 'lib/awssession.rb', line 42

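# Restores the cached role session for the current profile and discards it when it
# can no longer be used.
#
# The file <session_save_path>/<profile name>_<role_filename> is deserialized into
# @role_session. When the loaded object carries no expiration (empty or truncated file)
# or the expiration has passed, @role_session is reset to nil and the file is deleted.
# Otherwise a symlink ./.<role_filename> to the cache file is (re)created in the current
# working directory.
def load_role_session
  cache_file = "#{@session_save_path}/#{@profile.name}_#{@role_filename}"
  # NOTE(security): YAML.load_file rebuilds Ruby objects from this file. On Psych releases
  # before 4.0 that is an unrestricted load, so the cache directory must be writable by
  # the owning user only. Psych 4.0+ loads safely by default and permits basic types
  # only — TODO confirm which Psych version this gem runs on.
  @role_session = YAML.load_file(cache_file)
  # A file that does not deserialize to a session object is handled like an expired
  # session instead of failing with NoMethodError/ArgumentError.
  expiration = @role_session.credentials&.expiration if @role_session.respond_to?(:credentials)
  if expiration.nil? || Time.now > expiration
    # No safety margin: a session that expires a moment from now still counts as valid.
    puts 'Role session credentials expired. Removing obsolete role session file' if @debug > 0
    @role_session = nil
    File.delete(cache_file)
  else
    # NOTE(security): this leaves a link to the credential cache in whatever directory the
    # process runs from, and force: true replaces anything already stored under that name.
    FileUtils.ln_s(cache_file, "./.#{@role_filename}", force: true)
    puts 'Found valid role session credentials.' if @debug > 0
  end
end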

#load_session ⇒ Object



# File 'lib/awssession.rb', line 37

# Restores cached sessions for the current profile when their files exist.
#
# The role session file is tried first. The STS session file is consulted only when
# no role session is held afterwards.
def load_session
  cache_prefix = "#{@session_save_path}/#{@profile.name}_"
  load_role_session if File.file?("#{cache_prefix}#{@role_filename}")
  return unless @role_session.nil?

  load_sts_session if File.file?("#{cache_prefix}#{@sts_filename}")
end

#load_sts_session ⇒ Object



# File 'lib/awssession.rb', line 55

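# Restores the cached STS session for the current profile and discards it when it can
# no longer be used.
#
# The file <session_save_path>/<profile name>_<sts_filename> is deserialized into
# @sts_session. When the loaded object carries no expiration (empty or truncated file)
# or the expiration has passed, @sts_session is reset to nil and the file is deleted.
def load_sts_session
  cache_file = "#{@session_save_path}/#{@profile.name}_#{@sts_filename}"
  # NOTE(security): YAML.load_file rebuilds Ruby objects from this file. On Psych releases
  # before 4.0 that is an unrestricted load, so the cache directory must be writable by
  # the owning user only. Psych 4.0+ loads safely by default and permits basic types
  # only — TODO confirm which Psych version this gem runs on.
  @sts_session = YAML.load_file(cache_file)
  # A file that does not deserialize to a session object is handled like an expired
  # session instead of failing with NoMethodError/ArgumentError.
  expiration = @sts_session.credentials&.expiration if @sts_session.respond_to?(:credentials)
  if expiration.nil? || Time.now > expiration
    # No safety margin: a session that expires a moment from now still counts as valid.
    puts 'STS session credentials expired. Removing obsolete sts session file' if @debug > 0
    @sts_session = nil
    File.delete(cache_file)
  elsif @debug > 0
    puts 'Found valid sts session credentials.'
  end
end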

#read_token_input ⇒ Object



# File 'lib/awssession.rb', line 78

# Prompts on stdout for the MFA code and reads one line from STDIN with echo disabled,
# so the code is not shown while typing. The line, minus its trailing newline, is kept
# in @token_code; an empty line is printed afterwards because the typed newline was not echoed.
#
# NOTE(review): nothing here handles end-of-input or a STDIN that is not a terminal —
# confirm how non-interactive callers are expected to behave.
def read_token_input
  print 'Enter AWS MFA token: '
  @token_code = STDIN.noecho { |terminal| terminal.gets }
  @token_code.chomp!
  puts ''
end

#save_session(file, session) ⇒ Object



# File 'lib/awssession.rb', line 110

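# Serializes a session to YAML and writes it to
# <session_save_path>/<profile name>_<file>, creating the directory when needed.
#
# The serialized session contains its credentials, so the file is restricted to the
# owner (0600) and a directory created here is made owner-only (0700). Without an
# explicit mode both would depend on the process umask alone.
#
# @param file [String] file name suffix, e.g. the STS or role session file name
# @param session [#to_yaml] session object to persist
# @return [Integer] number of bytes written
def save_session(file, session)
  # The mode is applied only to directories created by this call; an existing directory keeps its own.
  FileUtils.mkdir_p(@session_save_path, mode: 0o700)
  target = "#{@session_save_path}/#{@profile.name}_#{file}"
  File.open(target, 'w', 0o600) do |f|
    # The creation mode is ignored when the file already exists, so tighten it explicitly.
    f.chmod(0o600)
    f.write session.to_yaml
  end
end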

#session_credentials ⇒ Object



# File 'lib/awssession.rb', line 119

# Returns the role session's temporary credentials as a three-element array, in the
# order access key id, secret access key, session token.
#
# The values are secrets; callers should keep them out of logs and debug output.
#
# @return [Array] [access_key_id, secret_access_key, session_token]
def session_credentials
  role_keys = @role_session.credentials
  [role_keys.access_key_id, role_keys.secret_access_key, role_keys.session_token]
end

#start ⇒ Object



# File 'lib/awssession.rb', line 32

# Entry point: reuses cached sessions where possible, then creates whatever is missing.
#
# @return [Object, nil] whatever create_session returns
def start
  # Cached sessions are looked up first.
  load_session
  # Anything still missing is requested and cached.
  create_session
end

#sts_session_token ⇒ Object



# File 'lib/awssession.rb', line 85

# Calls STS GetSessionToken with the profile's long-term access key pair, the profile's
# MFA device serial and the code held in @token_code, and keeps the response in @sts_session.
#
# The requested lifetime is @sts_lifetime seconds.
#
# @return [Object] the GetSessionToken response, also stored in @sts_session
def sts_session_token
  long_term_keys = {
    access_key_id: @profile.aws_access_key_id,
    secret_access_key: @profile.aws_secret_access_key
  }
  sts_client = Aws::STS::Client.new(**long_term_keys)

  mfa_request = {
    duration_seconds: @sts_lifetime,
    serial_number: @profile.mfa_serial,
    token_code: @token_code
  }
  @sts_session = sts_client.get_session_token(**mfa_request)
end