A useful script for AWS credentials

21 January 2020

My work involves elevated access to computers, including Amazon Web Services (AWS) accounts.

Our security team requires multi-factor authentication (MFA) for elevated access. For command-line access using MFA, I use the awscli’s aws sts get-session-token function. This grants AWS security credentials that are valid for a few hours.

I do this multiple times each day, so I made a quick utility script: sessioner.

To set up my credentials, I run the following commands:

. sessioner.sh -e development -t <development_token_value>
. sessioner.sh -e testing -t <testing_token_value>
. sessioner.sh -e production -t <production_token_value>

The token values come from an MFA device.

This code has 5 parts. Let’s take a look…

Part A: Input Parsing

The first step is to parse the inputs.

The script needs 2 parameters: the AWS profile (-e or --env) and MFA token code (-t or --token).

# inputs needed - environment (ENV) and code (TOKEN)
echo $@
POSITIONAL=()
while [[ $# -gt 0 ]]
do
key="$1"

case $key in
    -e|--env)
    ENV="$2"
    shift # past argument
    shift # past value
    ;;
    -t|--token)
    TOKEN="$2"
    shift # past argument
    shift # past value
    ;;
    *)    # unknown option
    POSITIONAL+=("$1") # save it in an array for later
    shift # past argument
    ;;
esac
done
set -- "${POSITIONAL[@]}" # restore positional parameters

Part B: Environment Setup

The second step is to create a few variables; the MFA device serial number, and the AWS profilename with elevated permissions.

Let’s say I’m connecting to AWS accounts 111111111111 and 222222222222 for development and testing. Inside each is an IAM user with elevated access called DevTheAlmighty.

if [ "${ENV}" = "development" ]; then
  SERIAL='arn:aws:iam::111111111111:mfa/DevTheAlmighty'
fi

if [ "${ENV}" = "testing" ]; then
  SERIAL='arn:aws:iam::222222222222:mfa/DevTheAlmighty'
fi

PROFILENAME="$ENV"mfa

Inside my AWS credentials, I have 2 configurations for each AWS account. I use the development profile to get credentials for the developmentmfa profile. The former has limited permissions; it can only retrieve permissions for the latter.

[development]
region = us-east-1

[developmentmfa]
region = us-east-1

Part C: Get Session Credentials

I get temporary credentials via aws sts get-session-token, which returns a JSON object. I run the command and save the results to a variable.

echo "Configuring $ENV with token $TOKEN"
CREDJSON="$(aws sts get-session-token --serial-number $SERIAL --profile $ENV --token-code $TOKEN)"
#echo $CREDJSON

Jq navigates through the JSON on the command line, and then sed removes the " character.

One line of code assigns an access_key, secret_key, or session_token value to a variable.

ACCESSKEY="$(echo $CREDJSON | jq '.Credentials.AccessKeyId' | sed 's/"//g')"
SECRETKEY="$(echo $CREDJSON | jq '.Credentials.SecretAccessKey' | sed 's/"//g')"
SESSIONTOKEN="$(echo $CREDJSON | jq '.Credentials.SessionToken' | sed 's/"//g')"

Part D: Set Session Credentials

aws configure set sets credentials for the higher-permissions profile.

aws configure set aws_access_key_id $ACCESSKEY --profile $PROFILENAME
aws configure set aws_secret_access_key $SECRETKEY --profile $PROFILENAME
aws configure set aws_session_token $SESSIONTOKEN --profile $PROFILENAME

Part E: Validate

Has my script worked? I run a simple check: listing all the S3 buckets I can see. Their names are familiar and distinctive, so I immediately know which AWS account I’m using.

aws s3 ls / --profile $PROFILENAME

I’ve put my code on GitHub, since no piece of code is ever done. I’ll add functionality over time, as I need to.

Happy coding!

Permalink

20:20 Vision in 2020

08 January 2020

A new year brings New Years’ Resolutions. I’ve lost track of the number of social media posts I’ve seen about this.

What I never see are posts describing how people will achieve their resolutions. After all, 90% of us stop going to the gym within 90 days. Sheer willpower doesn’t work.

I’m devoting most of this post to describe how I will achieve my goals.

My process for making 2020 goals has 6 parts:

  1. Brainstorm goal ideas. Use my 2019 retrospective as inspiration. Write everything down.
  2. Use these ideas to identify priorities. Write these down. This step frames the year.
  3. Use priorities to rank goals. Write down the 6 most important. Discard the rest.
  4. Make goals SMART. Write them down.
  5. Think creatively about different ways to use habits and systems. Ask others for suggestions.
  6. Pick a habit-based approach to achieve each goal. Add this to existing systems.
  7. Identify a way to catch myself when I struggle, as early as possible. Add this to systems as well.

Part 1: Brainstorming

Here’s what I came up with:

  • Run a 10K
  • Bike from Seattle to Portland
  • Do 50 pushups in a row
  • Do a 4-day, 50-mile hike
  • Publish 15 blog posts before July 1
  • Build a relationship with 10 people in my extended family
  • Grow closer to 6 friends
  • Develop 60 new professional connections
  • Teach 3 technologies to 30+ colleagues
  • Learn a popular programming language: Javascript, Go, or Java
  • Learn 4 popular frameworks: Tensorflow, Helm, Keras, and Serverless.
  • Gain proficiency in a software engineering ‘topic’ (e.g. infrastructure automation, rapid pipeline development, or cost optimization)
  • Learn more about genomics. A lot more
  • Catch up with the current state-of-the-art in machine learning
  • Learn a new instrument

(I’m leaving out anything involving my partner, politics, or work goals, for privacy reasons)

Part 2: Priorities

I spent a week thinking about goals and priorities. I wrote them on scraps of paper, and spent a day ordering them by asking 2 questions:

  • “What if I accomplished goal n but not n+1? Is that the result I want?”
  • “What happens if I switch the order? Is that better?”

That’s right, folks. I used bubblesort.

The steps we take change the path of our life. I sorted and re-sorted until I had a good result:

  1. Health
  2. Relationship
  3. Career
  4. Family & friends
  5. Work
  6. Music

I spend 96 hours a week working and sleeping. I’ll allocate the other 72 hours via priorities.

Part 3: Ranking

“Life is what happens while you’re making other plans” - John Lennon

A huge to-do list is a wish list. Unlike my 25-year-old self, I’m painfully aware of the cost of context switching.

I know how well I don’t multitask, and it takes 18-254 days to form a new habit. So, I will limit myself to 6 goals before July 1st:

  1. Do 50 pushups in a row
  2. Run a 10K
  3. Develop 60 new professional connections this year
  4. Publish 15 blog posts before July 1
  5. Learn 4 popular frameworks
  6. Grow closer to 6 friends

The rest I am ignoring deferring.

oops

Parts 4 + 5: Brainstorm Habits and Systems

We fall to the level of our systems.

There are science-based strategies to achieve what you set out to do:

  1. Clarify and honor your values
  2. Frame goals and your life in positive terms
  3. Change your environment to make it easier (e.g. remove distractions, walk, make it easier to do tasks)
  4. Be prepared with if-then strategies
  5. Use a gradual approach
  6. Be kind to yourself, even during setbacks

I will construct a system to reach goals:

  1. Identify why this is important. Think of personal values
  2. Break the goal down into incremental achievements, and then further into micro tasks
  3. Figure out a way to make those micro tasks easy
  4. Find a way to build those steps into existing habits+systems
  5. Do it
  6. Reward myself
  7. Reflect on how things went. Adjust and keep going for the next incremental achievement

I’ll call this the Seven Ascending Steps (SAS).

Publish 15 Blog Posts Before 7/1

I’m not a natural or experienced writer. I get frustrated, distracted, and swear.

I read a book on writing well, and struggled with the first 3 bits of advice.

Writing is mentally daunting, and yet I’m committing to write 15 posts before July 1. It is good to push past your comfort zones. Let’s break this down…

I am here for 147 days before July 1, so I need to complete a post every 9 days. I’m going to reduce that to once every 8 days plus 27 days’ buffer.

I already have ideas for posts; the effort is writing and editing. So, I broke up my writing process into micro tasks. I’ll spread them across 8 days, because consistency matters:

Day Tasks
1 Write substantive points on paper
2 Make a blog post file with tags & title
Make an outline from points
3 Write intro
Add relevant research + links to the post
4 Write half the post body
5 Write the second half of the post body
6 Write conclusion
Find images and add them
7 Print out, and edit with a pen
8 Publish
Reflect, and adjust for the next post.

None of these steps takes more than 30 minutes, so this will take 3.5 hours a week.

To accomplish these steps, I use a spreadsheet of micro tasks. Breaking a task into tiny pieces is the best way I know to do something daunting. I also put a comfy chair in the office, because changing our environment matters.

I have a system to get things done: Todoist. I’ve created a daily reminder to write, with a link to the micro tasks.

I’m using systems (to-do lists) I already have, and techniques (micro-tasks) I already know will work.

Finally, I’m going to use incentives. For each finished post, I will reward myself:

  • Buy a box of the pens I like
  • Spend 30 minutes going through old papers
  • Spend 30 minutes doodling
  • Spend $10 at the local bookstore

I’m choosing rewards that are topical, cheap, and that I already want. I’m granting permission to do what I hold back on, framing them as an earned reward.

This is working well. The last four posts used this approach.

50 Pushups

I want to do 50 pushups in a row.

It is an indicator of how often I’m working out, and therefore my health. This way I can take care of people, and do work that matters. Oh, and it’s good for brain function.

Right now I can do 15 pushups. I need to gain the strength to do 35 more. There are 169 days (24 weeks) left, so I need to gain the strength to do 1.5 more pushups each week. I’ll round up and do 2 more pushups each week, reaching the goal after 18 weeks. That’s mid-May, well before the deadline, so I have a comfortable buffer in case I slip.

I’ve read that it’s important to rest when strength training. I made reminders to work out 3 times a week. I’m going to adjust workouts to build in intensity every two weeks.

My workouts take 30 minutes, so this is a 1.5 hour commitment per week.

I’ll associate some rewards with achievements (‘30 in a row!’, ‘40 in a row!’):

  • Go climbing with a friend
  • Take a yoga class
  • Go on a snowshoeing hike
  • Learn to climb trees
  • Take an introductory parkour class

I created biweekly ‘validation’ tasks, to verify I’ve gained the endurance I am aiming for. I’ll adjust if needed.

This seems realistic. It uses SAS-y steps, and builds on systems I already have.

Learn frameworks

The final goal: learn 4 popular frameworks relevant to my career. I’ve chosen Tensorflow, Keras, Helm, and Serverless.

The lifespan of languages and frameworks is limited. I need to learn constantly to stay relevant in my profession. Thankfully, learning plays to my sense of curiosity. I was the kid who was always building with Legos. Learning has a similar feeling.

I learn frameworks in several steps. I want to build on previous steps, so I do this:

  1. Use Markdown files to document every command I run, why I did it, and helpful links.
  2. Use a container with persisted state, to start where I left off.
  3. 1-hour pomodoros work best for me. I shut off the phone, turn off music, and close all unrelated applications.

I’m allocating 35 days per framework, plus 7 days’ buffer:

Days Hours Tasks
1     1 Install & “hello world”
2-3    2 Set up with a basic dataset/application
4-8    5 Play around with questions/curiosity to figure out things work. How do the components of the framework interact? What are the design decisions?
9-14   6 Learn popular uses for the framework. What are common themes in its use? How does it compare with similar frameworks I already know?
15-30     15 Use a more complex dataset/application to learn. Can it do something weird, when I want it to? Why or why not? What patterns am I finding?
31-35    5 Write about what I’ve learned. Reflect, and adjust

I will work on this for an hour each day, or I’ll allocate a day to a big step. The time commitment is 8 hours a week, making this the goal with the biggest time commitment.

I’m productive immediately after work, before my commute. I’ll find a cozy spot and get to business.

I’ve made to-do reminders, micro-tasks, and a biweekly task to reflect & adjust the process. Yay neuroplasticity!

Oh, and of course we need rewards:

  • Get a nerdy t-shirt
  • Get an Etsy decal for my phone
  • Spend an hour organizing a computer (yep, I’m that nerd)
  • Spend an afternoon on a side project

Once again this uses SAS-y steps, and fits well with existing systems I have.

Part 6: Safety Net

Building habits and practices is an unreliable process. Sometimes everything works the first time. More often, I have to experiment and adjust.

So, I use ‘safety net’ reminders. Every two weeks I will ask myself: what has been working, what hasn’t, and what should change? Reflective practice is an effective way for me to incrementally and reliably improve.

Conclusion

Change is challenging, especially for a creature of habit like me. And yet, I value growth periods…in hindsight.

I try to improve myself using habit formation, simple steps, reducing the mental load per task, working on a regular basis, and pausing to adjust.

How will you achieve your goals?

Permalink