This service was created to ease the usage of AWS SDK tools with using assumed roles in your development environment.

pip install imposter

imposter --profile <AWS CLI profile name> [--bind [host]:port](169.254.169.254:80) [-D] (daemonize)

If the service detects you do not have the private IP address 169.254.169.254, it will attempt to create it for you with sudo. It will also ask for credentials so that you can run the service on privileged ports.

imposter --stop

imposter --roles

imposter --profile <AWS CLI profile name>

If the service is running, it will attempt to switch the active role. If not, it will launch it. Switching roles is equivalent to running

curl -XPOST https://169.254.169.254/roles/<profilename>

imposter --status

Your AWS CLI config should not have credentials in the default profile, otherwise the AWS SDK will look there for credentials before looking for the EC2 Metadata service. Instead, have your config profiles point to a separate, non-default section with your credentials, e.g.

[profile teamrole1]
role_arn = arn:aws:iam::123456789012:role/teamrole1
source_profile = myidentity
role_session_name = teamrole1

[profile teamrole2]
role_arn = arn:aws:iam::123456789012:role/teamrole2
source_profile = myidentity
role_session_name = teamrole2

[myidentity]
aws_access_key_id = ABCDEFGHIJKLMNOPQRST
aws_secret_access_key = abcdefghij1234567890abcdefghij1234567890