diff --git a/README.md b/README.md index a0f4805..35fa06b 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,7 @@ In a typical AWS credentials file (located at `~/.aws/credentials`), credentials By default long term credential sections are identified by the convention `[-long-term]` and short term credentials are identified by the typical convention: `[]`. The following illustrates how you would configure you credentials file using **aws-mfa** with your default credentials: + ```ini [default-long-term] aws_access_key_id = YOUR_LONGTERM_KEY_ID @@ -75,6 +76,22 @@ aws_secret_access_key = aws_security_token = ``` +Proxy set up +-------------------------- + +In proxies section, you can set up the proxy you want to +```ini +[proxies] +http=http.proxy.com:8080 +https=https.proxy.com:3128 +``` +or you can use the --proxies argument with dictionary data of proxy like: + +``` +{http: 'http.proxy.com:8080'} +``` + + The default naming convention for the credential section can be overriden by using the `--long-term-suffix` and `--short-term-suffix` command line arguments. For example, in a multi account scenario you can have one AWS account that manages the IAM users for your organization and have other AWS accounts for development, staging and production diff --git a/awsmfa/__init__.py b/awsmfa/__init__.py index 21e7096..aa14345 100755 --- a/awsmfa/__init__.py +++ b/awsmfa/__init__.py @@ -11,10 +11,11 @@ import os import sys import boto3 +from botocore.config import Config from botocore.exceptions import ClientError, ParamValidationError from awsmfa.config import initial_setup -from awsmfa.util import log_error_and_exit, prompter +from awsmfa.util import log_error_and_exit, prompter, merge_dict logger = logging.getLogger('aws-mfa') 
@@ -83,6 +84,10 @@ def main(): type=str, help="Provide MFA token as an argument", required=False) + parser.add_argument('--proxies', + type=dict, + help="Setup proxy for aws client, using dict format like {'http':'foo.bar:3128'}", + required=False) args = parser.parse_args() level = getattr(logging, args.log_level) @@ -99,7 +104,6 @@ def main(): else: log_error_and_exit(logger, 'Could not locate credentials file at ' '%s' % (AWS_CREDS_PATH,)) - config = get_config(AWS_CREDS_PATH) if args.setup: @@ -144,6 +148,11 @@ def validate(args, config): "The value for '--long-term-suffix' cannot " "be equal to the value for '--short-term-suffix'") + if args.proxies or 'proxies' in config.sections(): + args.real_proxies = merge_dict(args.proxies, dict(config.items('proxies'))) + else: + args.real_proxies= None + if args.assume_role: role_msg = "with assumed role: %s" % (args.assume_role,) elif config.has_option(args.profile, 'assumed_role_arn'): @@ -285,12 +294,19 @@ def get_credentials(short_term_name, lt_key_id, lt_access_key, args, config): mfa_token = console_input('Enter AWS MFA code for device [%s] ' '(renewing for %s seconds):' % (args.device, args.duration)) - - client = boto3.client( - 'sts', - aws_access_key_id=lt_key_id, - aws_secret_access_key=lt_access_key - ) + if args.real_proxies: + client = boto3.client( + 'sts', + aws_access_key_id=lt_key_id, + aws_secret_access_key=lt_access_key, + config=Config(proxies=args.real_proxies) + ) + else: + client = boto3.client( + 'sts', + aws_access_key_id=lt_key_id, + aws_secret_access_key=lt_access_key + ) if args.assume_role: diff --git a/awsmfa/util.py b/awsmfa/util.py index 97b83f1..5387f37 100644 --- a/awsmfa/util.py +++ b/awsmfa/util.py @@ -1,5 +1,5 @@ import sys - +import copy def log_error_and_exit(logger, message): """Log an error message and exit with error""" 
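Review bot: `type=dict` on the new `--proxies` argument cannot parse the value shown in its own help text. argparse calls `dict("{'http':'foo.bar:3128'}")` on the raw string, which raises ValueError, so the option is rejected as an invalid dict value whenever it is passed. Parsing it explicitly would fix this, for example `type=json.loads` with the help text changed to a JSON example such as `'{"https": "proxy.example:3128"}'` (constructed sample), adding `import json` if the module does not already import it. Because this value decides where the STS requests are routed, it is also worth rejecting anything that does not parse to a dict of strings keyed by `http`/`https`. The body of `main()` continues outside this hunk.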
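Review bot: In the `validate()` hunk, `config.items('proxies')` is called whenever `args.proxies` is truthy, even if the credentials file has no `[proxies]` section. In that case configparser raises NoSectionError instead of using the command-line value. Guard the lookup, for example `file_proxies = dict(config.items('proxies')) if config.has_section('proxies') else {}` followed by `args.real_proxies = merge_dict(args.proxies, file_proxies) or None`. Note also that `items()` on a section includes any keys from the parser's DEFAULT section, so unrelated defaults could end up in the proxies mapping if the file defines them; selecting only the `http` and `https` keys would avoid that. `validate()` starts and ends outside this hunk.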
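Review bot: The `get_credentials()` hunk duplicates the whole `boto3.client('sts', ...)` call just to add one keyword, so any later change to the client arguments has to be made in two places. A single call with `config=Config(proxies=args.real_proxies) if args.real_proxies else None` should behave the same, assuming `config=None` is the client default as in current boto3. Since this client carries requests signed with the long-term key plus the MFA code, a `logger.debug` line stating that a proxy is in effect would help when auditing where the calls went; log only the scheme and host, because proxy URLs can embed credentials. The function body continues outside this hunk.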
@@ -14,3 +14,12 @@ def prompter(): console_input = input return console_input + +def merge_dict(x, y): + z=copy.deepcopy(x) + if z: + z.update(y) + return z + else: + return y + \ No newline at end of file
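Review bot: `merge_dict` has no docstring, and its precedence is only implicit: `z.update(y)` lets `y` override `x`. The caller in `validate()` passes the command-line value as `x` and the file section as `y`, so the `[proxies]` section silently wins over `--proxies`. I would add a docstring such as `"""Return a new dict holding x's entries updated with y's; y wins on duplicate keys."""` and swap the arguments at the call site if the command line is meant to take precedence. The `copy.deepcopy` is unnecessary for a flat mapping of strings, and when `x` is empty or None the function returns `y` itself rather than a copy. `merged = dict(x or {})`, then `merged.update(y or {})`, then `return merged` avoids both and always returns a dict. The file also now ends without a trailing newline.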