Lookup or replace AWS account IDs with their names and vice versa

awsacc

A trusty helper for working with AWS account IDs.

Working with AWS account IDs often involves more manual effort than necessary. Account IDs in ARNs frequently have to be looked up manually in different files and compared with existing IDs. With a few accounts this is manageable, but with a large number of accounts it is difficult to keep track.

awsacc allows you to:

  • quickly turn account IDs into their human-readable names in any file.
  • look up account IDs by their corresponding name and vice versa via the CLI, making them processable by other tools.

It's designed to speed up reviewing changes and finding account ID errors (e.g. misspelled or unknown IDs) in files. It can also be used as part of a CI/CD pipeline to match the account IDs used in files against a defined list of valid IDs.

Installation

You can find the latest release here (Linux, Win, Mac 64-bit).

You can also build awsacc from source (Go 1.16+ required).

git clone git@github.com:cbrgm/awsacc.git && cd awsacc
go mod vendor && make

Another option is to use awsacc inside a container

docker run --rm -it \
   -v ~/.aws/accounts.json:/data/accounts.json \
   -v $(pwd):$(pwd) \
   cbrgm/awsacc:latest -f $(pwd)/file.json

where ~/.aws/accounts.json is your config file and $(pwd)/file.json is the file to check.

Configuration

A configuration file must be created so that the tool can search and substitute AWS account names and IDs. The configuration file is a JSON file consisting of accounts (tuples of names and IDs).

By default, it is stored under the path $HOME/.aws/accounts.json. You can also reference a config file via the environment variable AWSACC_CONFIG (Example: export AWSACC_CONFIG=/path/to/config.json).

~/.aws/accounts.json

{
    "Accounts": [
        {
            "Id": "620791285726",
            "Name": "Foo"
        }
    ]
}

The schema can be created manually or easily obtained using the aws CLI.

aws organizations list-accounts > ~/.aws/accounts.json

Note: This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an AWS service. (API Reference)

Usage

Usage information is available through the help subcommand

Usage: awsacc [options] [subcommand] [options] <args>

Replaces AWS account ids with their human-readable names
	-c Colored output. Default: false
	-f Path to the input files. Default: Stdin
	-s Strict mode, return on error. Default: false
	-v Verbose output. Default: false

Subcommand: search, ls
Description: Searches and prints out account ids or account names
	-c Colored output. Default: false
	-s Strict mode, return on error. Default: false
	-v Verbose output. Default: false

Examples

Here are some examples of what you can do with awsacc

Replace and highlight AWS account ids with their names

We assume that a file test.json exists. (It does not have to be JSON; any kind of text file works.)

$ cat test.json

Output:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Example`:",
            "Effect": "Allow",
            "Action": [
                "sts:AssumeRole"
            ],
            "Resource": [
                "arn:aws:iam::614912345005:role/somebody",
                "arn:aws:iam::866714215829:role/somebody",
                "arn:aws:iam::012073564612:role/somebody"
            ]
        }
    ]
}

We can now replace the account IDs with the human-readable names, color-code the changed lines and print them out

$ cat test.json | awsacc -c -v

Output:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Example`:",
      "Effect": "Allow",
      "Action": [
        "sts:AssumeRole"
      ],
      "Resource": [
+        "arn:aws:iam::production:role/somebody",
-        "arn:aws:iam::614912345005:role/somebody",
+        "arn:aws:iam::integration:role/somebody",
-        "arn:aws:iam::866714215829:role/somebody",
+        "arn:aws:iam::development:role/somebody",
-        "arn:aws:iam::012073564612:role/somebody"
      ]
    }
  ]
}

Or we can color only the changed lines, without showing the removed lines

$ cat test.json | awsacc -c

Output:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Example`:",
      "Effect": "Allow",
      "Action": [
        "sts:AssumeRole"
      ],
      "Resource": [
+        "arn:aws:iam::production:role/somebody",
+        "arn:aws:iam::integration:role/somebody",
+        "arn:aws:iam::development:role/somebody",
      ]
    }
  ]
}

Look up AWS account IDs or names

List all account IDs of accounts containing dev in their name

awsacc ls dev

List all account names of accounts containing 00124 in their account ID

awsacc ls 00124

List all account names of accounts 312345643213, 612345343211 and 822345643215

awsacc ls 312345643213 612345343211 822345643215

List all account IDs of accounts containing doesntexist in their name; use strict mode -s to exit with error code 1 when no results are found

awsacc ls -s doesntexist

Count all account IDs of accounts containing dev or int or prd in their name

awsacc ls dev int prod | wc -l

List all accounts and search for an account or id using fzf and copy the result to your clipboard

awsacc ls -v '*' | fzf | pbcopy

Usage in your CI/CD pipeline

It can also be used as part of a CI/CD pipeline to match used account IDs in files against a defined list of valid IDs from your configuration.

awsacc searches below the path recursively in all directories for matching files and returns an error code 1 if an ID was found that is not stored in the configuration.

awsacc -s -f './path/to/*.json'

is equivalent to

cat ./path/to/*.json | awsacc -s
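
The allowlist check described in this section, written out in Go as an added example; it is not awsacc's own code. It assumes an account ID is any standalone 12-digit number, and the function name Check and the sample data are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"sort"
)

// Assumption: an account ID is a standalone run of exactly 12 digits.
var accountID = regexp.MustCompile(`\b\d{12}\b`)

// Check replaces known IDs with their names and returns the unknown IDs, sorted.
func Check(configJSON, text string) (string, []string, error) {
	var cfg struct {
		Accounts []struct{ Id, Name string } // accounts.json schema from this page
	}
	if err := json.Unmarshal([]byte(configJSON), &cfg); err != nil {
		return "", nil, fmt.Errorf("parse config: %w", err)
	}
	names := make(map[string]string, len(cfg.Accounts))
	for _, a := range cfg.Accounts {
		names[a.Id] = a.Name
	}
	unknownSet := map[string]bool{}
	out := accountID.ReplaceAllStringFunc(text, func(id string) string {
		if name, ok := names[id]; ok {
			return name
		}
		unknownSet[id] = true // not in the allowlist: leave it in place and report it
		return id
	})
	unknown := make([]string, 0, len(unknownSet))
	for id := range unknownSet {
		unknown = append(unknown, id)
	}
	sort.Strings(unknown)
	return out, unknown, nil
}

// Constructed sample: two IDs from this page's examples are configured, one is not.
const sampleConfig = `{"Accounts":[{"Id":"614912345005","Name":"production"},{"Id":"012073564612","Name":"development"}]}`
const samplePolicy = `"Resource": ["arn:aws:iam::614912345005:role/somebody", "arn:aws:iam::866714215829:role/somebody", "arn:aws:iam::012073564612:role/somebody"]`

func main() {
	fmt.Println(Check(sampleConfig, samplePolicy))
}
```

A pipeline step built on this would fail the build whenever the returned list of unknown IDs is non-empty.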

Contributing & License

Feel free to submit changes! See the Contributing Guide. This project is open-source and is developed under the terms of the Apache 2.0 License.

Owner
Christian Bargmann
DevOps Engineer @moia-dev. I code things with my bare hands!