First, upload test files to an S3 bucket you control (replace YOUR_BUCKET_NAME) in two directories representing isolated namespaces (123 and 124).
echo "123" > test.txt
aws s3 cp test.txt s3://YOUR_BUCKET_NAME/123/test.txt
echo "124" > test.txt
aws s3 cp test.txt s3://YOUR_BUCKET_NAME/124/test.txt
Next, create the role using the included CloudFormation template, role.json. Make sure to replace the YOUR_BUCKET_NAME value with your S3 bucket.
aws cloudformation create-stack --stack-name SelfAssumingRole --template-body file://role.json --capabilities CAPABILITY_IAM --parameters ParameterKey=S3BucketName,ParameterValue=YOUR_BUCKET_NAME
Once the stack has been created, you can get the role ARN from the Outputs of the stack:
aws cloudformation describe-stacks --stack-name SelfAssumingRole
Replace the S3 bucket name and role ARN in the main.go file.
Make sure your environment is configured with IAM credentials that can assume a role, and then assume the role you created, doing something like:
self_assuming_role=$(aws sts assume-role \
  --role-arn "YOUR_ROLE_ARN" \
  --role-session-name "SelfAssumingRoleSession")
# jq -r prints the raw string, so no extra step is needed to strip the JSON quotes
export AWS_ACCESS_KEY_ID=$(echo "$self_assuming_role" | jq -r .Credentials.AccessKeyId)
export AWS_SECRET_ACCESS_KEY=$(echo "$self_assuming_role" | jq -r .Credentials.SecretAccessKey)
export AWS_SESSION_TOKEN=$(echo "$self_assuming_role" | jq -r .Credentials.SessionToken)
Run the main.go file:
go run main.go
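If the assume-role call fails, the exports above end up empty or "null" and main.go may run under a different identity than the role you meant to test. The following check, to run before go run main.go, is an added example and not part of the original repository; the function names are hypothetical, and it assumes the session name used above.

```bash
# Added example (not from the original repository); function names are hypothetical.

# expected_session_arn ROLE_ARN SESSION_NAME
# Prints the STS ARN that sessions of this role report as their identity.
expected_session_arn() {
  role_arn=$1 session=$2
  case $role_arn in
    arn:*:iam::*:role/*) ;;
    *) echo "not an IAM role ARN: $role_arn" >&2; return 1 ;;
  esac
  partition=$(printf '%s' "$role_arn" | cut -d: -f2)
  account=$(printf '%s' "$role_arn" | cut -d: -f5)
  role_name=${role_arn##*/}   # assumed-role ARNs drop any IAM path
  printf 'arn:%s:sts::%s:assumed-role/%s/%s\n' \
    "$partition" "$account" "$role_name" "$session"
}

# credentials_exported
# Fails if any of the three variables is empty or the literal "null"
# (what jq prints when the field is missing from the response).
credentials_exported() {
  for name in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN; do
    eval "value=\${$name:-}"
    case $value in
      ''|null) echo "$name is not set; did assume-role fail?" >&2; return 1 ;;
    esac
  done
}

# verify_role_session ROLE_ARN SESSION_NAME [CALLER_ARN]
# CALLER_ARN defaults to what STS reports for the current credentials.
verify_role_session() {
  want=$(expected_session_arn "$1" "$2") || return 1
  credentials_exported || return 1
  got=${3:-$(aws sts get-caller-identity --query Arn --output text)} || return 1
  [ "$got" = "$want" ] || { echo "running as $got, expected $want" >&2; return 1; }
}
```

Call verify_role_session "YOUR_ROLE_ARN" "SelfAssumingRoleSession" after the export lines; a non-zero exit means the shell is not running as the role session.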