Created
August 18, 2023 21:48
-
-
Save mdaniel/b1e971bfaadc23639521a78981ee0fee to your computer and use it in GitHub Desktop.
awslocal upgraded to understand various static credential types plus the endpoint override mechanisms
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -euo pipefail | |
| # we never want it to contact IMDS since that's just log noise | |
| export AWS_EC2_METADATA_DISABLED=true | |
| if [[ -z "${AWS_CONFIG_FILE:-}" ]]; then | |
| AWS_CONFIG_FILE=$HOME/.aws/config_awslocal | |
| if [[ ! -e "$AWS_CONFIG_FILE" ]]; then | |
| unset AWS_CONFIG_FILE | |
| else | |
| export AWS_CONFIG_FILE | |
| fi | |
| fi | |
| # you'll want to be aware of: | |
| # https://github.com/boto/botocore/blob/1.31.29/botocore/data/endpoints.json | |
| # and the embedded "hostname" keys: https://github.com/boto/botocore/blob/1.31.29/botocore/data/endpoints.json#L132 | |
| # which is loaded via $HOME/.aws/models https://github.com/boto/botocore/blob/1.31.29/botocore/loaders.py#L47 | |
| # cat > .aws/models/endpoints.json<<"JSON" | |
| # { | |
| # "version": 3, | |
| # "partitions": [ | |
| # { | |
| # "partition": "aws", | |
| # "dnsSuffix": "", | |
| # "defaults": { | |
| # "signatureVersions": [ "v4" ], | |
| # "protocols": [ "http" ], | |
| # "hostname": "127.0.0.1:4566" | |
| # }, | |
| # "regions": {}, | |
| # "services": {} | |
| # } | |
| # ] | |
| # } | |
| # JSON | |
| # | |
| # more advanced(?) usage is that they have a json-programming-language for endpoint selection | |
| # in (e.g.) 'models/sts/2011-06-15/endpoint-rule-set-1.json' | |
| # but it has an "if True:" version allowing superseding endpoint.url: | |
| # { | |
| # "version": "1.0", | |
| # "parameters": {}, | |
| # "rules": [ | |
| # { | |
| # "conditions": [], | |
| # "endpoint": { | |
| # "url": "http://127.0.0.1:4566", | |
| # "properties": {}, | |
| # "headers": {} | |
| # }, | |
| # "type": "endpoint" | |
| # } | |
| # ] | |
| # } | |
| # and then {service}/{version_code}/service-2.sdk-extras.json https://github.com/boto/botocore/blob/1.31.29/botocore/loaders.py#L80 | |
| # watch out, they have added support for .json.gz recently so that one likely wins out | |
| # --- | |
| # https://github.com/boto/botocore/blob/1.31.29/botocore/configprovider.py#L55C28-L55C43 | |
| # AWS_CONFIG_FILE= | |
| # | |
| # https://github.com/boto/botocore/blob/1.31.29/botocore/configprovider.py#L61C19-L61C19 | |
| # AWS_SHARED_CREDENTIALS_FILE= | |
| # | |
| # https://github.com/boto/botocore/blob/1.31.29/botocore/configprovider.py#L54C38-L54C38 | |
| # AWS_DATA_PATH= | |
| # | |
| # https://github.com/boto/botocore/blob/1.31.29/botocore/configprovider.py#L134C22-L134C22 | |
| # AWS_ENDPOINT_DISCOVERY_ENABLED= | |
| # and its friends | |
| # AWS_EC2_METADATA_SERVICE_ENDPOINT= | |
| # AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE= | |
| # | |
| # https://github.com/boto/botocore/blob/1.31.29/botocore/configprovider.py#L884-L889 | |
| # so that says it checks AWS_ENDPOINT_URL_${service_id} followed by | |
| # AWS_ENDPOINT_URL= | |
| # followed by the config for the service, followed by the global config: | |
| # https://github.com/boto/botocore/blob/1.31.29/botocore/configprovider.py#L1002 | |
| # which seems to be something something "endpoint_url = " | |
| # | |
| # https://github.com/boto/botocore/blob/1.31.29/botocore/configprovider.py#L114C10-L114C45 | |
| # AWS_IGNORE_CONFIGURED_ENDPOINT_URLS= | |
| # | |
| # https://github.com/boto/botocore/blob/1.31.29/botocore/configprovider.py#L197C22-L197C22 | |
| # AWS_S3_US_EAST_1_REGIONAL_ENDPOINT= | |
| # | |
| # https://github.com/boto/botocore/blob/1.31.29/botocore/configprovider.py#L140C20-L140C20 | |
| # AWS_STS_REGIONAL_ENDPOINTS= oneOf(legacy, regional) | |
| # --- | |
| # be aware of the "indented blocks as sub-sections: | |
| # https://github.com/boto/botocore/blob/1.31.29/botocore/configloader.py#L122 | |
| # likely under the [services] key: https://github.com/boto/botocore/blob/1.31.29/botocore/configloader.py#L275 | |
| # although that snippet is .startswith() so [services s3]??? | |
| # [services] | |
| # s3 = | |
| # addressing_style = path | |
| # --- | |
| if [[ -z "${AWS_ENDPOINT_URL:-}" ]]; then | |
| if [[ -z "${AWS_DEFAULT_ENDPOINT_URL:-}" ]]; then | |
| # localstack but this one means nothing to botocore | |
| AWS_DEFAULT_ENDPOINT_URL="http://localhost:4566" | |
| fi | |
| AWS_ENDPOINT_URL="$AWS_DEFAULT_ENDPOINT_URL" | |
| fi | |
| if [[ -n "${__creds:-}" ]]; then | |
| if [[ $__creds == 0 ]]; then | |
| # len(a_a_k_i)=20 | |
| AWS_ACCESS_KEY_ID=AKIA0000000000000000 | |
| # len(a_s_a_k)=40 | |
| AWS_SECRET_ACCESS_KEY=SEKRIT0000000000000000000000000000000000 | |
| elif [[ $__creds == 1 ]]; then | |
| # >>> base36_enc(1234_5678_9012) | |
| # '1KPQZG2C' | |
| AWS_ACCESS_KEY_ID=AKIA1KPQZG2C00000000 | |
| AWS_SECRET_ACCESS_KEY=SEKRIT0000000000000000000000000000000000 | |
| elif [[ $__creds == x* ]]; then | |
| # use **clearly** bogus keys | |
| AWS_ACCESS_KEY_ID=alpha | |
| AWS_SECRET_ACCESS_KEY=beta | |
| else | |
| echo "WHAT KIND OF NONSENSE IS $__creds?!" >&2 | |
| exit 1 | |
| fi | |
| export AWS_ACCESS_KEY_ID | |
| export AWS_SECRET_ACCESS_KEY | |
| if [[ $__creds == x-session ]]; then | |
| AWS_SESSION_TOKEN=charlie | |
| export AWS_SESSION_TOKEN | |
| fi | |
| fi | |
| # using the "opt" version protects during "brew upgrade" | |
| # when the /bin version is unlinked | |
| exec $HOMEBREW_PREFIX/opt/awscli/bin/aws --endpoint-url="$AWS_ENDPOINT_URL" "$@" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment