@Esonhugh
Last active May 28, 2024 09:43
automatically assume role with aws cli
# Automatically set the AWS environment variables from the JSON output of `aws sts assume-role`
aws_sts_env () {
    # Use the JSON passed as $1 if given; otherwise fall back to the exported $cred variable.
    if [[ -n "$1" ]]
    then
        local cred=$1
    fi
    if [[ -z "$cred" ]]
    then
        echo "Usage: aws_sts_env \`json\`"
        echo "Example: export cred=\`aws sts assume-role --role-arn xxxx --role-session-name xxxx|jq '.Credentials'\`"
        echo " or get metadata from remote"
        echo " export cred=\`curl 169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance\`"
        echo " aws_sts_env '[\$cred optional]'"
        return 1
    fi
    # Quote "$cred" so the JSON is passed to jq without word splitting or globbing.
    export AWS_ACCESS_KEY_ID="$(printf '%s' "$cred" | jq -r '.AccessKeyId')"
    export AWS_SECRET_ACCESS_KEY="$(printf '%s' "$cred" | jq -r '.SecretAccessKey')"
    # STS output names the token "SessionToken"; the instance metadata service names it "Token".
    export AWS_SESSION_TOKEN="$(printf '%s' "$cred" | jq -r '(if .SessionToken == null then .Token else .SessionToken end)')"
    echo "SET AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN in environment."
    unset cred
    # Print the resulting variables as export statements (this echoes the secrets to the terminal).
    env | grep AWS | awk '{ print "export " $0 }'
}
# Check out the https://github.com/Esonhugh/WeaponizedVSCode project
# Usage:
# # normal AWS context
# export cred=`aws sts assume-role --role-arn xxxx --role-session-name xxxx|jq ".Credentials"`
# aws_sts_env
# # metadata use
# export cred=`curl 169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance`
# aws_sts_env "$cred"
# # AWS assumed-role environment
# aws sts get-caller-identity