Show your Tool: awsume

Michael Wittig – 22 Oct 2019

In this series, we present AWS tooling from the community for the community. We talk directly with the tool makers. Who are they? What problem does the tool solve? And what motivates them to contribute to open-source AWS tooling.

Show your Tool

This time, we talk with Michael Barney about awsume. You can find Michael on GitHub and Twitter. Michael also has a website.

cloudonaut: Tell us a little about yourself, your history with AWS, and your motivation to develop AWS tooling.
Michael Barney: After college, I started at Trek10, an AWS consulting partner specializing in serverless. It was there that I discovered a passion for Serverless. As of writing, I’ve been working with AWS for about two years. I believe that the more AWS tooling evolves, the more enabled developers will be. The tool I’ve worked on, awsume, has helped the team at Trek10 a ton.

cloudonaut: What problem does your tool solve?
Michael Barney: awsume‚ is a command-line tool that grabs AWS credentials (access keys, session token, etc.) and exports them to environment variables. It makes MFA much easier to use, it’s extensible, and it comes with a few cool built-in utilities such as autoawsume, which automatically refreshes your credentials for you in the background.

cloudonaut: Who should use your tool? Who should not?
Michael Barney: The motivation behind the tool was that since the AWS CLI would use the MFA token on the assume-role call, you would have to re-enter your MFA token every hour. What you can do instead is make the get-session-token call on the source profile, which returns MFA credentials that are valid for 12 hours, so you can use those credentials every hour to renew your role credentials, without needing to re-enter your MFA token.

Trek10 does work in multiple accounts for each of our clients, so another motivation behind awsume is that maintaining your config and credentials files became cumbersome. awsume helped in that aspect by being extensible, so we developed a plugin to inject those profiles from our internal database at runtime.

Long story short, awsume is meant to be used by anyone who needs to access an aws account. Whether you’re part of a large complex organization or a hobbyist with a personal account, awsume could definitely help you out.

cloudonaut: Show us a short demo of your tool
Michael Barney: Please check out this short demo.

awsume Demo

Basically, you run awsume <profile_name>, but there’s plenty of other ways to use awsume. Check out the documentation to learn about all features.

cloudonaut: How can we use your tool?
Michael Barney: Follow the quickstart guide at https://awsu.me/general/quickstart.html.

On most machines, you should be able to pip install awsume, restart your terminal, and it’ll work.

cloudonaut: Where can we find more information about your tool?
Michael Barney: I would check out the https://awsu.me website.

cloudonaut: Are you aware of tools that solve a similar problem than yours? What’s the difference?
Michael Barney: There are a few, namely aws-vault. As someone that hasn’t used it, it’s hard to talk about the differences, but I do know that aws-vault stores your credentials in the macOS Keychain, Windows Credential Manager, etc. as opposed to the default config and credentials files.

cloudonaut: What’s the roadmap for your tool? Are you planning any significant releases?
Michael Barney: There isn’t a public roadmap. You could check the GitHub repo for open issues and feature requests, so if you want it to do something that it doesn’t already, feel free to open an issue.

cloudonaut: How do you stay motivated to maintain your open source project?
Michael Barney: Working at a company that encourages best practices and thought leadership like Trek10, it’s pretty easy to stay motivated. I love good software.

cloudonaut: Are you attending any conferences within the next few months where the community can get in touch?
Michael Barney: I should be attending ServerlessConf this year.

What tools do you use to make your AWS work easier? Share your favorite tool with us!

Tags: aws iam tool
Michael Wittig

Michael Wittig

I’m the author of Amazon Web Services in Action. I work as a software engineer, and independent consultant focused on AWS and DevOps.

You can contact me via Email, Twitter, and LinkedIn.

Briefcase icon
Hire me
Cover of Rapid Docker on AWS

New book: Rapid Docker on AWS

A rapid way to get your web application up and running on AWS. Made for web developers and DevOps engineers who want to dockerize their web applications and run their containers on Amazon Web Services. Prior knowledge of Docker and AWS is not required.

Buy icon
Buy now
Marbot Logo

Incident Management for Slack

Team up to solve incidents with our chatbot marbot. Never miss a critical alert. Escalate alerts from your AWS infrastructure among your team members. Strong integrations with all parts of your AWS infrastructure: CloudWatch, Elastic Beanstalk, RDS, EC2, ...

Slack icon
Try for free
📚 Rapid Docker on AWS
A rapid way to get your web application up and running on AWS. Learn how to package your application into Docker containers. Learn more.