#!/bin/bash
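function __aws-login-as {
  # Log in to the named AWS account: read the long-term access key pair and
  # the MFA device/secret from the pass store (aws/<account>/access_key_id,
  # secret_access_key, mfa_device, mfa_secret), exchange them for a temporary
  # STS session and export only the session credentials. Any previous session
  # is cleared first via aws-logout.
  # Arguments: $1 - account name as used in the pass store
  # Exports:   AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN,
  #            AWS_SESSION_EXPIRATION, AWS_ACCOUNT
  # Returns:   0 on success; 1 when a secret is missing or STS rejects the call
  local account="$1"
  aws-logout
  printf >&2 '%s\n' "Logging in for $account account..."

  # Declare and assign separately so a failing `pass` is not masked by `local`;
  # a failed lookup yields an empty value, which the check below rejects.
  local access_key_id secret_access_key mfa_device mfa_secret
  access_key_id=$(pass "aws/$account/access_key_id")
  secret_access_key=$(pass "aws/$account/secret_access_key")
  mfa_device=$(pass "aws/$account/mfa_device")
  mfa_secret=$(pass "aws/$account/mfa_secret")
  if [[ -z $access_key_id || -z $secret_access_key || -z $mfa_device || -z $mfa_secret ]]; then
    printf >&2 '\x1B[31m%s\x1B[39m\n' "Error: Missing AWS access keys or MFA secret."
    return 1
  fi

  printf >&2 '%s\n' "Using access key ID $access_key_id to get a temporary session token."
  # The long-term key pair is handed to this single aws call through its
  # environment instead of being exported into the shell, so it never lingers
  # if the call fails. Only the temporary credentials are exported below.
  # NOTE(review): the TOTP secret is passed to oathtool on its command line,
  # where it is briefly visible to other local processes via ps.
  local session_token_response rc=0
  session_token_response=$(
    AWS_ACCESS_KEY_ID="$access_key_id" AWS_SECRET_ACCESS_KEY="$secret_access_key" \
      aws sts get-session-token \
        --serial-number "$mfa_device" \
        --token-code "$(oathtool --totp=sha1 --base32 "$mfa_secret")" 2>&1
  ) || rc=$?

  # Success requires both a zero exit status and a parseable SessionToken;
  # the original only searched the output for the string "SessionToken":.
  local session_token=
  if (( rc == 0 )); then
    session_token=$(jq -r '.Credentials.SessionToken // empty' <<<"$session_token_response" 2>/dev/null)
  fi
  if [[ -z $session_token ]]; then
    printf >&2 '\x1B[31m%s\x1B[39m %s\n' "Initial authentication failed with error:" "$session_token_response"
    aws-logout
    return 1
  fi
  printf >&2 '\x1B[32m%s\x1B[39m\n' "Initial authentication succeeded."

  local session_expiration temp_key_id temp_secret_key account_number
  session_expiration=$(jq -r '.Credentials.Expiration' <<<"$session_token_response")
  temp_key_id=$(jq -r '.Credentials.AccessKeyId' <<<"$session_token_response")
  temp_secret_key=$(jq -r '.Credentials.SecretAccessKey' <<<"$session_token_response")
  export AWS_ACCESS_KEY_ID="$temp_key_id"
  export AWS_SECRET_ACCESS_KEY="$temp_secret_key"
  export AWS_SESSION_TOKEN="$session_token"
  export AWS_SESSION_EXPIRATION="$session_expiration"
  account_number=$(aws sts get-caller-identity | jq -r '.Account')
  export AWS_ACCOUNT="$account_number"
  printf >&2 '%s\n' "Switching to use temporary access key ID $AWS_ACCESS_KEY_ID, which expires at $session_expiration"
}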
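function __aws-assume-role {
  # Assume an IAM role in the target account with the current session and
  # replace the exported credentials with the role's temporary credentials.
  # Arguments: $1 - account alias (dev|prod) or a 12-digit AWS account id
  #            $2 - access type: full | read
  # Exports:   AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN,
  #            AWS_SESSION_EXPIRATION, AWS_ACCOUNT
  # Returns:   0 on success; 1 on invalid arguments or when assume-role fails
  #            (the error paths previously returned 0)
  local account_id
  case "$1" in
    dev)  account_id="123456789012" ;;
    prod) account_id="098765432109" ;;
    *)    account_id="$1" ;;
  esac
  # Anything else must look like an account id before it is spliced into an ARN.
  if [[ ! $account_id =~ ^[0-9]{12}$ ]]; then
    color_print 31 "Invalid account argument '$1'. Must be 'dev', 'prod' or a 12-digit account id" >&2
    return 1
  fi

  local role_name
  case "$2" in
    full) role_name="allow-full-access-from-security" ;;
    read) role_name="allow-read-only-access-from-security" ;;
    *)
      color_print 31 "Invalid access type argument specified. Must be one of 'full' or 'read'" >&2
      return 1
      ;;
  esac

  local role_arn="arn:aws:iam::$account_id:role/$role_name"
  color_print 95 "Assuming role $role_arn" >&2

  # Judge success by the exit status rather than by searching the output for
  # the word "error", which can occur in legitimate output or in $USER.
  local assume_role_response
  if ! assume_role_response=$(aws sts assume-role --role-arn "$role_arn" \
      --role-session-name "${USER:-$(id -un)}" 2>&1); then
    color_print 31 "Assuming IAM role failed with error: $assume_role_response" >&2
    aws-logout
    return 1
  fi
  color_print 32 "Assume IAM role succeeded." >&2

  color_print 32 "Set final temporary AWS_ACCESS_KEY_ID and associated secret key and session token" >&2
  local key_id secret_key session_token expiration account_number
  key_id=$(jq -r '.Credentials.AccessKeyId' <<<"$assume_role_response")
  secret_key=$(jq -r '.Credentials.SecretAccessKey' <<<"$assume_role_response")
  session_token=$(jq -r '.Credentials.SessionToken' <<<"$assume_role_response")
  expiration=$(jq -r '.Credentials.Expiration' <<<"$assume_role_response")
  export AWS_ACCESS_KEY_ID="$key_id"
  export AWS_SECRET_ACCESS_KEY="$secret_key"
  export AWS_SESSION_TOKEN="$session_token"
  export AWS_SESSION_EXPIRATION="$expiration"
  account_number=$(aws sts get-caller-identity | jq -r '.Account')
  export AWS_ACCOUNT="$account_number"
}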
function aws-status {
  # Show which principal the currently exported AWS credentials resolve to.
  # Outputs: the get-caller-identity JSON on stdout
  aws sts get-caller-identity
}
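function aws-mycorp-security {
  # Log in to the mycorp-security account and, when role arguments are given,
  # assume a role from there (see __aws-assume-role: <account> <full|read>).
  # Arguments: $@ - optional arguments forwarded to __aws-assume-role
  # Returns:   the login status when login fails; otherwise 0 with no
  #            arguments, or the status of __aws-assume-role
  # Stop here on a failed login instead of trying to assume a role with
  # whatever credentials happen to be left in the environment.
  __aws-login-as mycorp-security || return
  if (( $# == 0 )); then
    return 0
  fi
  __aws-assume-role "$@"
}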
function aws-env { printenv | grep AWS; }
function aws-logout {
  # Remove every AWS credential, region and account variable from the
  # environment so subsequent aws calls no longer use this session.
  local name
  for name in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_EXPIRATION \
              AWS_SESSION_TOKEN AWS_PROFILE AWS_DEFAULT_REGION AWS_ACCOUNT AWS_REGION; do
    unset "$name"
  done
}
#!/bin/bash
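function urlencode() {
  # Percent-encode a string for use in a URL. Characters listed in the
  # optional shell variable urlencode_safe are left unencoded; by default
  # none are, so '/' is encoded as well.
  # Arguments: $1 - string to encode
  # Globals:   urlencode_safe (read, may be unset)
  # Outputs:   the encoded string on stdout
  # Python 3 replaces the Python 2-only `print urllib.quote(...)` statement,
  # which is a syntax error on every current interpreter.
  python3 -c 'import sys, urllib.parse; print(urllib.parse.quote(sys.argv[1], safe=sys.argv[2]))' \
    "$1" "${urlencode_safe:-}"
}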
function dad { DAD_JOKE=$(curl -s -H "Accept: text/plain" https://icanhazdadjoke.com/); echo "$DAD_JOKE"; }
function yank-cuid { cuid -s | tr -d '\n' | pbcopy; echo $(pbpaste); }
function yank-cuid-long { cuid | tr -d '\n' | pbcopy; echo $(pbpaste); }
function set_color_mode_elevated() {
  # Tint the current tmux pane background (colour55) to signal an elevated
  # session.
  local style='bg=colour55'
  tmux select-pane -P "$style"
}
function set_color_mode_default() {
  # Restore the current tmux pane background to the default colour.
  local style='bg=default'
  tmux select-pane -P "$style"
}
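function __set_pane_color() {
  # Set the current tmux pane background to a numbered colour.
  # Arguments: $1 - tmux colour number (used as bg=colour<N>)
  local color="bg=colour$1"
  # Quoted so the style is passed as a single argument.
  tmux select-pane -P "$color"
}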
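function yank-totp-aws-mycorp {
  # Copy the current TOTP code for the aws/mycorp pass entry and print it.
  # The missing space before '{' made bash read "yank-totp-aws-mycorp{" as
  # the function name and abort sourcing the file with a syntax error.
  __get-totp-for aws/mycorp
}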
function yank-totp-aws-me {
  # Copy the current TOTP code for the aws/me pass entry and print it.
  local entry='aws/me'
  __get-totp-for "$entry"
}
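function __get-totp-for {
  # Generate the current TOTP code for a pass entry, copy it to the clipboard
  # and print it.
  # Arguments: $1 - pass entry prefix; the secret is read from <prefix>/mfa_secret
  # Outputs:   the code on stdout (also placed on the clipboard)
  # Returns:   non-zero when oathtool fails
  # Locals replace the former ACCOUNT/OTP globals, which leaked into the
  # interactive shell; expansions are quoted.
  local account="$1" otp
  # NOTE(review): the TOTP secret is passed to oathtool on its command line,
  # where it is briefly visible to other local processes via ps.
  otp=$(oathtool --totp=sha1 --base32 "$(pass "$account/mfa_secret")") || return
  printf '%s' "$otp" | pbcopy
  printf '%s\n' "$otp"
}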
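function color_print {
  # Print one line in the given ANSI colour, then reset to the default colour.
  # Arguments: $1 - SGR colour code (e.g. 31 red, 32 green, 95 magenta)
  #            $2 - printf-style format; a caller-supplied literal, never data
  #            $@ - remaining arguments consumed by the format's directives
  # Outputs:   the coloured line on stdout
  # Previously the message was passed as a %s argument, so a format such as
  # "Assuming role %s" was printed literally and printf reused the format for
  # the extra argument. Embedding the format once fixes both.
  local color="$1"
  shift
  local fmt="${1-}"
  [[ $# -gt 0 ]] && shift
  # shellcheck disable=SC2059 -- fmt is a literal format chosen by the caller
  printf "\x1B[%sm${fmt}\x1B[39m\n" "$color" "$@"
}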