Spotlight
ABAC vs RBAC for Access Control in AWS
Explore how Access Controls can protect your sensitive information from unauthorized access.
Kelly Briceno | Apr 20 2023
5 min read
5 min read
Fri, 14 Jul 2017
In case you’ve missed it, AWSume is a cross-platform AWS command-line tool that makes working with the AWS CLI under different profiles or roles super easy. You no longer have to manually set environment variables, or pass the --profile <profile_name> to the end of your AWS CLI calls. When you have your profiles correctly set up, you can simply run awsume <profile_name>, and AWSume will do the work for you!
AWSume works by setting your AWS environment variables. This way, any further AWS CLI calls you make will be under the profile you AWSume’d, until the profile credentials expire.
Before, we had to maintain three different code-bases for the various platforms that we want to support. It took a long time to update it and add new features. There were many steps involved in the installation, too.
We have moved the core of what AWSume is from the shell scripts into the Python script awsumepy. But why?
awsume shell wrappers for each platform we support. However, since the work has been taken from the shell and put on Python, maintaining these shell scripts is much easier.AWS role credentials are only valid for a maximum of an hour. This means that you need to call AWSume once for every hour that you work under that role. Now, we have developed an AWSume auto-refresher! By simply passing the -a option to AWSume with the given role, you’ll spawn a background process that refreshes roles that are about to expire, for as long as the role’s source profile’s credentials are valid. Once there are no more roles to refresh, autoAWSume stops running.
Explore how Access Controls can protect your sensitive information from unauthorized access.
