Show your Tool: awsume

Michael Wittig – 22 Oct 2019

In this series, we present AWS tooling from the community for the community. We talk directly with the tool makers. Who are they? What problem does the tool solve? And what motivates them to contribute to open-source AWS tooling.

Show your Tool

This time, we talk with Michael Barney about awsume. You can find Michael on GitHub and Twitter. Michael also has a website.

cloudonaut: Tell us a little about yourself, your history with AWS, and your motivation to develop AWS tooling.
Michael Barney: After college, I started at Trek10, an AWS consulting partner specializing in serverless. It was there that I discovered a passion for Serverless. As of writing, I’ve been working with AWS for about two years. I believe that the more AWS tooling evolves, the more enabled developers will be. The tool I’ve worked on, awsume, has helped the team at Trek10 a ton.

cloudonaut: What problem does your tool solve?
Michael Barney: awsume‚ is a command-line tool that grabs AWS credentials (access keys, session token, etc.) and exports them to environment variables. It makes MFA much easier to use, it’s extensible, and it comes with a few cool built-in utilities such as autoawsume, which automatically refreshes your credentials for you in the background.

cloudonaut: Who should use your tool? Who should not?
Michael Barney: The motivation behind the tool was that since the AWS CLI would use the MFA token on the assume-role call, you would have to re-enter your MFA token every hour. What you can do instead is make the get-session-token call on the source profile, which returns MFA credentials that are valid for 12 hours, so you can use those credentials every hour to renew your role credentials, without needing to re-enter your MFA token.

Trek10 does work in multiple accounts for each of our clients, so another motivation behind awsume is that maintaining your config and credentials files became cumbersome. awsume helped in that aspect by being extensible, so we developed a plugin to inject those profiles from our internal database at runtime.

Long story short, awsume is meant to be used by anyone who needs to access an aws account. Whether you’re part of a large complex organization or a hobbyist with a personal account, awsume could definitely help you out.

cloudonaut: Show us a short demo of your tool
Michael Barney: Please check out this short demo.

awsume Demo

Andreas and Michael Wittig

Please support our work!

We have published 327 articles, 41 podcast episodes, and 15 videos. It's all free and means a lot of work in our spare time.

Thanks to Alex DeBrie, e9e4e5f0faef, Goran Opacic, jhoadley, Thorsten Hoeger, Todd Valentine, Vince Fulco, and all anonymous supporters for your help! We also want to thank all supporters who purchased a cloudonaut t-shirt. It gives us great pleasure to send our t-shirts all over the world.

With your help, we can continue to produce independent & high-quality content focused on AWS. Please support us!

Support us

Basically, you run awsume <profile_name>, but there’s plenty of other ways to use awsume. Check out the documentation to learn about all features.

cloudonaut: How can we use your tool?
Michael Barney: Follow the quickstart guide at

On most machines, you should be able to pip install awsume, restart your terminal, and it’ll work.

cloudonaut: Where can we find more information about your tool?
Michael Barney: I would check out the website.

cloudonaut: Are you aware of tools that solve a similar problem than yours? What’s the difference?
Michael Barney: There are a few, namely aws-vault. As someone that hasn’t used it, it’s hard to talk about the differences, but I do know that aws-vault stores your credentials in the macOS Keychain, Windows Credential Manager, etc. as opposed to the default config and credentials files.

cloudonaut: What’s the roadmap for your tool? Are you planning any significant releases?
Michael Barney: There isn’t a public roadmap. You could check the GitHub repo for open issues and feature requests, so if you want it to do something that it doesn’t already, feel free to open an issue.

cloudonaut: How do you stay motivated to maintain your open source project?
Michael Barney: Working at a company that encourages best practices and thought leadership like Trek10, it’s pretty easy to stay motivated. I love good software.

cloudonaut: Are you attending any conferences within the next few months where the community can get in touch?
Michael Barney: I should be attending ServerlessConf this year.

What tools do you use to make your AWS work easier? Share your favorite tool with us!

Tags: aws iam tool
Michael Wittig

Michael Wittig

I launched in 2015 with my brother Andreas. Since then, we have published hundreds of articles, podcast episodes, and videos. It’s all free and means a lot of work in our spare time. We enjoy sharing our AWS knowledge with you.
Have you learned something new by reading, listening, or watching our content? If so, we kindly ask you to support us in producing high-quality & independent AWS content. We look forward to sharing our AWS knowledge with you.

Support us

Feedback? Questions? You can reach me via Email, Twitter, or LinkedIn.