bartekj / aws-tools Goto Github PK

View Code? Open in Web Editor NEW

15.0 15.0 3.0 96 KB

Some aws related scripts

License: MIT License

Python 96.16% Shell 3.84%

aws-tools's People

Contributors

Stargazers

Watchers

Forkers

yveshwang pangorgo kpucynski

aws-tools's Issues

Add support for gpg-agent

When running gpg-agent, user should not be asked for password, but agent used instead.

poor getting started document for us OSX folks

AccessKeysPerUser quota

If you created more than one Access key ID and want to roll your keys, python throws the exception:

Traceback (most recent call last):
  File "/home/radar/.local/bin/aws-roll-keys.py", line 212, in <module>
    main()
  File "/home/radar/.local/bin/aws-roll-keys.py", line 156, in main
    resp = client.create_access_key()
  File "/home/radar/.local/lib/python2.7/site-packages/botocore/client.py", line 357, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/home/radar/.local/lib/python2.7/site-packages/botocore/client.py", line 661, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.errorfactory.LimitExceededException: An error occurred (LimitExceeded) when calling the CreateAccessKey operation: Cannot exceed quota for AccessKeysPerUser: 2

ZSH - command not found

Hi Bart :)
I have an issue with the tool when using zsh shell.
After installing with pip I'm getting:

zsh: command not found: awsenv

Any ideas to get your tool working on ZSH ? OSX should running now on zsh so it would be nice to have the tool compatible with this shell.

[aws-roll-keys.py] encryption fails while using a special characters

Encryption of rolled keys with fails if you have a special character in your GPG key:

DEBUG:gnupg:Âniegocki <[email protected]>: skipped: No public key DEBUG:gnupg:[GNUPG:] INV_RECP 1 Piotr Ã DEBUG:gnupg:Âniegocki <[email protected]> DEBUG:gnupg:[GNUPG:] FAILURE encrypt 9 DEBUG:gnupg:gpg: [stdin]: encryption failed: No public key

Adding gpg.encoding = 'utf-8' resolves the issue.

gpg.list_keys output without gpg.encoding = 'utf-8':

#!/usr/bin/python3
import gnupg

gpg = gnupg.GPG(use_agent=True)

private_keys = gpg.list_keys(True)
print(private_keys[0]["uids"][1])

$ ./gpg.py 
Piotr Åniegocki <[email protected]>

Fixed gpg.list_keys output:

import gnupg

gpg = gnupg.GPG(use_agent=True)

gpg.encoding = 'utf-8'

private_keys = gpg.list_keys(True)
print(private_keys[0]["uids"][1])

$ ./gpg.py 
Piotr Śniegocki <[email protected]>

wheel package

Create whl package and put into pypi.python.org

aws-roll-keys.py not rolling keys correctly

Strange situation. I've rolled keys for one of my aws accounts and they where rolled in AWS but not saved in the encrypted file.

[1.91] barjak@x1:~$ aws-roll-keys.py -e test
Please enter passphrase for decrypting env files: 
Rolled key for env test: AccessKeyId=****************TH2XA; CreateDate=2017-01-25 13:19:54.978000+00:00

-rw-r--r-- 1 barjak barjak 0 Jan 25 14:19 env.test.conf.asc

After some debug we found a problem with gnupg in python.
Having both packets installed with pip

gnupg==2.2.0
python-gnupg==0.3.9

Its setting different gnupg home dir:

Initialised settings:
binary: /usr/local/bin/gpg
binary version: 2.1.11
homedir: /home/barjak/.config/python-gnupg
ignore_homedir_permissions: False
keyring: /home/barjak/.config/python-gnupg/pubring.gpg
secring: /home/barjak/.config/python-gnupg/secring.gpg

Switch to new access keys after they where rolled out.

When rolling out keys for prod I noticed that ole ones are staying in credentials file. Was thinking about switching to new keys after they where generated.

Printing detailed view for instances without ARN

When using aws-list-ec2.py -i ID, some instances return:

Traceback (most recent call last):
  File "/home/radar/.local/bin/aws-list-ec2.py", line 123, in <module>
    main()
  File "/home/radar/.local/bin/aws-list-ec2.py", line 119, in main
    get_ec2()
  File "/home/radar/.local/bin/aws-list-ec2.py", line 83, in get_ec2
    ('ARN profile', instance.iam_instance_profile['Arn']),
TypeError: 'NoneType' object has no attribute '__getitem__'

DBus notification on env change

Add DBus notification on environment change.

Allow user to have different names for environments

This could be done by scanning ~/.aws/ directory for files with pattern env.$ENV.conf.asc

Allow user to re-enter passphrase if it's incorrect

Be able to export variable to environment rather then create a file with credentials

autocompletion

Switching between environments should autocomplete basing on names of encrypted files.
Kind of:

function envs() {
    local word=${COMP_WORDS[COMP_CWORD]}
    local files=$(ls ~/.aws/env*asc | cut -d "." -f 3)
    COMPREPLY=( $(compgen -W "$files" -- "$word") )
}

complete -F envs awsenv

dockerise aws-tools please

aws-list-ec2.py - TypeError: 'NoneType' object is not iterable

Not sure what exactly is causing the problem but after printing out a larger list of instances it ending like this:

Traceback (most recent call last):
  File "/usr/local/bin/aws-list-ec2.py", line 116, in <module>
    main()
  File "/usr/local/bin/aws-list-ec2.py", line 112, in main
    get_ec2()
  File "/usr/local/bin/aws-list-ec2.py", line 100, in get_ec2
    for tag in instance.tags:
TypeError: 'NoneType' object is not iterable

python-gnupg in debian repos does not work

For some reason, even though the packaged version is the same python-gnupg version 0.3.9-1 in Debian does not work.