profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/yhakbar/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.

yhakbar/akbarsaurus 0

Playing with the static site generator Docusaurus

yhakbar/asdf-gha-test 0

ASDF GHA Test

yhakbar/asdf-golang 0

golang plugin for asdf version manager https://github.com/asdf-vm/asdf

yhakbar/fd 0

A simple, fast and user-friendly alternative to 'find'

yhakbar/gorson 0

experiment with go and aws ssm parameter store

yhakbar/gossm 0

💻Interactive CLI tool that you can connect to ec2 using commands same as start-session, ssh in AWS SSM Session Manager

yhakbar/narcissus 0

narcissus updates a Golang struct with fields that have been tagged with `ssm:"Parameter"` according to the corresponding value in SSM Parameter Store using reflection.

push eventyhakbar/gossm

gjbae1212

commit sha 41a8287c3165ec0c3701c026f8ef3ea1a2397d98

Bypass it when a config is invalid.

view details

gjbae1212

commit sha 8be9ce9b1d15d4d51d30f24d3ffe3d9199a1009e

Delete credential argument.

view details

gjbae1212

commit sha e43138a4a687b1dfb72788811d0e5abcb547e6d7

Fix a version.

view details

gjbae1212

commit sha c9732fd5a9dfefb1a6db9f5acc87823ce1dc6de6

Fix to code for extracting AWS config.

view details

push time in 12 days

issue commentgjbae1212/gossm

AWS_SHARED_CREDENTIALS_FILE Overwritten By Default

Thanks for addressing this @gjbae1212 !

I think the issue might still exist:

$ gossm --version
gossm version v1.4.2
$ gossm start 
[err] [err][cmd.initConfig:249] [err][internal.NewSharedConfig:61] failed to load assume role *my-role-arn*, of profile default, <nil>

It seems you're open to having gossm change to make this use-case work, though. I'll try to get you a PR addressing this today.

yhakbar

comment created time in 14 days

issue commentgjbae1212/gossm

AWS_SHARED_CREDENTIALS_FILE Overwritten By Default

When attempting to use gossm, I get the following error:

[err] [err][cmd.initConfig:209] [err][internal.NewSharedConfig:61] failed to load assume role *my role arn*, of profile default, <nil>

If I run this, the error goes away:

export AWS_SHARED_CREDENTIALS_FILE=$HOME/.aws/credentials

In my setup, I'm performing role assumption and handling MFA outside of gossm.

This is what my ~/.aws/credentials file looks like:

[default]
aws_session_token     = session token
aws_access_key_id     = temporary access key id
aws_secret_access_key = temporary secret key

[my-profile]
role_arn       = role arn
source_profile = default

This is what my ~/.aws/config file looks like:

[default]
output     = json
mfa_serial = mfa arn

[profile my-profile]
role_arn       = role arn
source_profile = default

Let me know if you think I'm using gossm wrong. Thanks for your help!

yhakbar

comment created time in 18 days

fork yhakbar/gossm

💻Interactive CLI tool that you can connect to ec2 using commands same as start-session, ssh in AWS SSM Session Manager

fork in 18 days

issue commentgjbae1212/gossm

AWS_SHARED_CREDENTIALS_FILE Overwritten By Default

@gjbae1212 if a user does not set AWS_SHARED_CREDENTIALS_FILE, then the default behavior for the golang AWS SDK is not used (gossm doesn't try to use $HOME/.aws/credentials, but instead replaces the value with $HOME/.aws/credentials_mfa on this line https://github.com/gjbae1212/gossm/blob/961c577b069a278c239c7c390da29a167437397c/cmd/root.go#L117).

yhakbar

comment created time in 18 days

issue openedgjbae1212/gossm

AWS_SHARED_CREDENTIALS_FILE Overwritten By Default

I believe AWS_SHARED_CREDENTIALS_FILE is being overwritten by default here in order to support the new MFA feature added recently.

Would it be possible to make this an optional feature? This makes the application interact with the AWS SDK in an unexpected fashion.

In order to avoid this, users have to export AWS_SHARED_CREDENTIALS_FILE=$HOME/.aws/credentials, which forces the shared credentials file to be the default expected for use with the AWS SDK for go.

created time in 19 days

created tagpbs/redyl

tagv1.0.0

experimental library for AWS multi-factor-authentication

created time in 20 days

push eventpbs/redyl

Yousif H. Akbar

commit sha b538b4040f6f2247ca52c552e8c0a5abfef98102

Bumping version to 1.0.0

view details

push time in 20 days

create barnchpbs/redyl

branch : main

created branch time in 20 days

delete branch pbs/redyl

delete branch : master

delete time in 20 days

delete branch pbs/redyl

delete branch : bugfix/17/prevent_writing_to_default

delete time in 20 days

push eventpbs/redyl

Yousif H. Akbar

commit sha 6f6741971fb56cea11edd36eb59d968b9477fa25

Preventing overwrite of default when named profile is used

view details

Yousif Akbar

commit sha 87e610b441ad4d6d1db023caaf75d7809e183317

Merge pull request #18 from pbs/bugfix/17/prevent_writing_to_default Preventing overwrite of default when named profile is used

view details

push time in 20 days

PR merged pbs/redyl

Preventing overwrite of default when named profile is used

Closes #17

I think this will prevent the behavior that we've been noticing, but I don't know if this violates the desired behavior of the application, as it seems accounted for in the test case here.

I thought that the default field within the ~/.aws files should remain untouched when using a --profile flag, as the user would expect a single pair of profiles (named_original and named) to be updated with the rotated credentials from redyl.

This is useful in a situation where a user has a default profile that doesn't need redyl-ing (or is using a different MFA device) and wants the named profile to be redyl-ed independently.

+1 -13

1 comment

4 changed files

yhakbar

pr closed time in 20 days

issue closedpbs/redyl

Default profile overridden even when `--profile` is provided

When users use the --profile option, the [default] field is overridden, even though the command should only be overriding the value of --profile.

closed time in 20 days

yhakbar

PR opened pbs/redyl

Reviewers
Preventing overwrite of default when named profile is used

Closes #17

I think this will prevent the behavior that we've been noticing, but I don't know if this violates the desired behavior of the application, as it seems accounted for in the test case here.

I thought that the default field within the ~/.aws files should remain untouched when using a --profile flag, as the user would expect a single pair of profiles (named_original and named) to be updated with the rotated credentials from redyl.

This is useful in a situation where a user has a default profile that doesn't need redyl-ing (or is using a different MFA device) and wants the named profile to be redyl-ed independently.

+1 -13

0 comment

4 changed files

pr created time in 20 days

create barnchpbs/redyl

branch : bugfix/17/prevent_writing_to_default

created branch time in 20 days

issue openedpbs/redyl

Default profile overridden even when `--profile` is provided

When users use the --profile option, the [default] field is overridden, even though the command should only be overriding the value of --profile.

created time in 20 days

issue openedgjbae1212/gossm

Document Permissions Required for gossm

Hello!

First of all, thanks for gossm. This tool is awesome!

We've recently run into permissions issues after upgrading to gossm 1.4.0, due to the added API call to ssm:DescribeInstanceInformation. Would it be possible to document the permissions required to utilize gossm so that developers can be assigned minimal privileges to work with it?

Also, in our testing, it seems like the following permissions need to be granted on all resources without restriction in order to use gossm:

created time in 20 days

issue openedpbs/gorson

Add Confirmation for Puts

Now that gorson is being used more widely, it might be nice to have a little confirmation page with a diff on parameter updates before completing the put request.

created time in 3 months

create barnchyhakbar/aws-amplify-quick-notes

branch : main

created branch time in 3 months

push eventyhakbar/aws-amplify-quick-notes

Jared Franzone

commit sha 853113ea959c02919d52aeebae6f4f99508beeae

update node

view details

Jared Franzone

commit sha f00cc15400b3a2fd9c414ff170761ac6047973f1

Merge pull request #22 from aws-samples/update-node update node

view details

push time in 3 months