MASL: Managing Multiple AWS Accounts using the CLI

Hey, now, wait a minute: IDP, OneLogin,… what are you talking about?

So, an identity provider is just a system entity that creates, maintains, and manages identity information. It offers user authentication as a service. Other applications relying on it, such as web applications or a cloud provider like AWS, outsource the user authentication step to this trusted identity provider.

So what’s the problem exactly?

The first issue we stumbled upon with the tools provided by OneLogin to access the AWS CLI was the ease of installation (or the lack of it, to be more precise).

Meet MASL

Not finding a tool available to deal with the above problems (easiness of installing and managing multiple AWS accounts), we decided to write a tool ourselves. Enter MASL: https://github.com/glnds/masl.

Getting started with MASL

Installation is straightforward; everything is described in detail in the README on GitHub. Basically, all you need to do is to download the binary to a directory somewhere in your PATH and adjust the masl.toml config file. In case you struggle to get things running within minutes, be sure to check out the FAQ; it tackles the most common issues.

Diving a bit deeper into the config

Besides installing the binary, you also need to do some configuration. All config is done in a configuration file named masl.toml in your home directory. If you’re not familiar with TOML files, I highly recommend you to read a bit about them: https://github.com/toml-lang/toml. But we digress ;-)

Configuring AWS_PROFILE

Behind the scenes, MASL will just store your temporary credentials in the standard aws/credentials file. However, if not specified, AWS will use ‘default’ as default for the variable AWS_PROFILE. On the other hand, MASL will use ‘masl’ as the default AWS profile name to store the AWS credentials (as a safety net for not overriding your default settings). Not using the right AWS_PROFILE value is the most common issue when things are not working as expected. To fix this, do one of the following:

  • in your masl.toml add the line Profile = ‘default’
  • start masl with the -profile default option

Multi-Account management

One of the main drivers to develop MASL was to ease the management of multiple AWS accounts. Most of the tools currently lack those features, and that makes switching AWS accounts bothersome. this is why masl.toml supports the following features:

Environments containing account subsets

If your account list grows too big it’s often handy to limit the list to your current work context. You can achieve this by defining environments:

Usage

This brings us to the final step: usage. Just run masl on your command line.
Optional command line arguments:

You’re all set! As said before, you find all documentation in the readme on https://github.com/glnds/masl. Please don’t hesitate to raise bugs, ask for features, or just contribute!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store