@MrHassanMurtaza
Last active December 22, 2022 17:59
Assume AWSControlTowerExecution from management account
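#!/bin/bash
# Assume the AWSControlTowerExecution role in a member account, using the
# management-account credentials already exported in the environment.
set -euo pipefail  # stop if assume-role fails instead of exporting "null" values

export AWS_REGION="us-west-2"
account_id="${1:?usage: $0 <member-account-id>}"

# Request temporary credentials for the member account.
temp_role=$(aws sts assume-role \
  --role-arn "arn:aws:iam::${account_id}:role/AWSControlTowerExecution" \
  --role-session-name "aws-ct-mgmt")

# Drop the management-account credentials, then export the temporary ones.
unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
export AWS_ACCESS_KEY_ID=$(echo "$temp_role" | jq -r .Credentials.AccessKeyId)
export AWS_SECRET_ACCESS_KEY=$(echo "$temp_role" | jq -r .Credentials.SecretAccessKey)
export AWS_SESSION_TOKEN=$(echo "$temp_role" | jq -r .Credentials.SessionToken)

# Print the AWS_ variables; the output includes the secret key and session token.
env | grep -i AWS_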
@MrHassanMurtaza
Author

To assume the role, export the credentials of the management account in environment variables, then do:

./assume-role.sh <member-account-id>
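
An added example, not part of the gist: a variant of the same flow that emits `export` statements to be loaded with `eval` instead of printing the secrets with `env`, and that validates the account ID and every credential field first. The function names are hypothetical, and it assumes credential fields contain only base64-style characters.

```shell
# Added example, not the gist author's code; function names are hypothetical.
# Assumption: credential fields contain only base64-style characters.

# Accept only a 12-digit account ID before it is placed into the role ARN.
valid_account_id() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -eq 12 ]
}

# Convert "AccessKeyId<TAB>SecretAccessKey<TAB>SessionToken" (the shape produced
# by --output text with the --query used below) into export statements.
# The body runs in a subshell "( )" so its variables stay local.
creds_to_exports() (
  tab=$(printf '\t')
  IFS="$tab" read -r key secret token extra <<EOF
$1
EOF
  [ -z "$extra" ] || return 1            # more fields than expected
  for v in "$key" "$secret" "$token"; do
    case "$v" in
      ''|None) return 1 ;;               # missing field, or the CLI's text form of null
      *[!A-Za-z0-9+/=]*) return 1 ;;     # unexpected character: refuse to emit it
    esac
  done
  printf "export AWS_ACCESS_KEY_ID='%s'\n" "$key"
  printf "export AWS_SECRET_ACCESS_KEY='%s'\n" "$secret"
  printf "export AWS_SESSION_TOKEN='%s'\n" "$token"
)

# Assume the role and print export statements; nothing is printed on failure.
assume_member_role() (
  valid_account_id "$1" || { echo "invalid account id" >&2; return 2; }
  line=$(aws sts assume-role \
    --role-arn "arn:aws:iam::$1:role/AWSControlTowerExecution" \
    --role-session-name "aws-ct-mgmt" \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
    --output text) || return 1
  creds_to_exports "$line"
)

# Usage: eval "$(assume_member_role <member-account-id>)"
```

Because the output is loaded with `eval` in the calling shell, the temporary credentials persist there without being written to the terminal.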
