#!/usr/bin/env python
# app.py
# https://github.com/aws-samples/aws-iam-temporary-elevated-access-broker/
# blob/main/dynamodb-stream/dbstream.py
from utils import *
# Heading marker placed in front of every section title this script prints.
t = '###'
# MyIndex comes from utils; presumably a section counter whose set() result is
# rendered into each title -- confirm against utils before relying on it.
mi = MyIndex(3)
ppwide(
    f'{t} {mi.set(0)}. AWS Samples / AWS IAM Temporary Elevated Access Broker'
)
## Sample email
# Approval notice rendered as a template: each field holds its own name passed
# through incolor(..., 'iYellow'), so no real request data appears here.
# The message text directs the requester to the dashboard URL; the template
# itself carries no credential material.
(reviewer, request_time, request_account, request_role,
 request_duration, expiration_time, cloudfrontURL) = (
    incolor(field, 'iYellow')
    for field in (
        'reviewer', 'request_time', 'request_account', 'request_role',
        'request_duration', 'expiration_time', 'cloudfrontURL',
    )
)
data = f"""The following privileged access request has been APPROVED by {reviewer}:
Submitted (UTC): {request_time}
Account: {request_account}
Role: {request_role}
Duration: {request_duration}
Your elevated access will expire on {expiration_time} UTC.
You can obtain temporary security credentials for your approved
elevation by accessing your request dashboard: {cloudfrontURL}"""
print()
ppwide(f'{t} {mi.set(1)}. Sample Email')
print(data)
## Sample env var data
# Placeholder strings standing in for the three credential fields; each value
# is just the field's own name, so nothing secret is stored in this file.
accessKeyId, secretAccessKey, sessionToken = (
    'accessKeyId', 'secretAccessKey', 'sessionToken',
)
## Sample env var / json
# The placeholders are already plain strings, so they are used as-is.
env_json = {
    "accessKeyId": accessKeyId,
    "secretAccessKey": secretAccessKey,
    "sessionToken": sessionToken,
}
print()
ppwide(f'{t} {mi.set(1)}. Sample Env Var / json')
ppjson(env_json)
print()
# Colored sample env var names and values
# The three placeholders are rebound to their highlighted form ('iYellow'),
# and the environment variable names get their own highlight ('iGreen').
# The shell samples further down interpolate these colored strings.
accessKeyId, secretAccessKey, sessionToken = (
    incolor(label, 'iYellow')
    for label in ('accessKeyId', 'secretAccessKey', 'sessionToken')
)
AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN = (
    incolor(label, 'iGreen')
    for label in (
        'AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'AWS_SESSION_TOKEN',
    )
)
## Sample env var / bash/zsh
# One `export NAME=value` line per credential field, each ending in a newline.
# NOTE(review): with real values, exported variables are inherited by every
# child process of the shell, so they belong only in the session that needs
# them; the sample prints placeholders, never actual credentials.
env_shell = ''.join(
    f"{incolor('export','iBlue')} {name}={value}\n"
    for name, value in (
        (AWS_ACCESS_KEY_ID, accessKeyId),
        (AWS_SECRET_ACCESS_KEY, secretAccessKey),
        (AWS_SESSION_TOKEN, sessionToken),
    )
)
ppwide(f'{t} {mi.set(1)}. Sample Env Var / bash/zsh')
print(env_shell)
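## Sample env var / fish
# fish's `set` takes the variable name and its value as separate arguments
# (`set -x NAME "value"`). The `NAME="value"` form used by other shells is
# rejected by fish as an invalid variable name, so a reader pasting that form
# would end up with no credentials exported; the sample therefore separates
# name and value with a space.
env_fish = f'''{incolor('set -x', 'iBlue')} {AWS_ACCESS_KEY_ID} "{accessKeyId}"
{incolor('set -x', 'iBlue')} {AWS_SECRET_ACCESS_KEY} "{secretAccessKey}"
{incolor('set -x', 'iBlue')} {AWS_SESSION_TOKEN} "{sessionToken}"
'''
ppwide(f'{t} {mi.set(1)}. Sample Env Var / fish')
print(env_fish)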
## Sample env var / PowerShell
# One `$Env:NAME="value"` assignment per credential field, newline-terminated.
# An `$Env:` assignment applies to the current PowerShell process and the
# processes it starts; the values shown are placeholders only.
env_ps = ''.join(
    f'{incolor("$Env:", "iBlue")}{name}="{value}"\n'
    for name, value in (
        (AWS_ACCESS_KEY_ID, accessKeyId),
        (AWS_SECRET_ACCESS_KEY, secretAccessKey),
        (AWS_SESSION_TOKEN, sessionToken),
    )
)
ppwide(f'{t} {mi.set(1)}. Sample Env Var / Powershell')
print(env_ps)
## Sample env var / Windows cmd
# One `set NAME=value` line per credential field, newline-terminated.
# cmd stores everything after `=` verbatim (quotes and trailing spaces
# included), which is why the value is left unquoted in this sample.
env_wincmd = ''.join(
    f"{incolor('set', 'iBlue')} {name}={value}\n"
    for name, value in (
        (AWS_ACCESS_KEY_ID, accessKeyId),
        (AWS_SECRET_ACCESS_KEY, secretAccessKey),
        (AWS_SESSION_TOKEN, sessionToken),
    )
)
ppwide(f'{t} {mi.set(1)}. Sample Env Var / Windows cmd')
print(env_wincmd)
# TEAM: Temporary elevated access management with IAM Identity Center
# https://aws.amazon.com/blogs/security/temporary-elevated-access-management-with-iam-identity-center/
#
# Opens the second top-level section; only its heading is printed here.
ppwide(
    f'{t} {mi.set(0)}. TEAM / Temporary Elevated Access Management with IAM Identity Center'
)