Skip to content

Instantly share code, notes, and snippets.

@atomicmattie

atomicmattie/aws-assume-role

Created August 12, 2022 17:23
Show Gist options
  • Save atomicmattie/ee802fcbbb912ce6d706e8297200aaf5 to your computer and use it in GitHub Desktop.
Save atomicmattie/ee802fcbbb912ce6d706e8297200aaf5 to your computer and use it in GitHub Desktop.
Download ZIP
wraps the AWS CLI, assuming a role before invoking your command
Raw
aws-assume-role
#!/usr/bin/env bash
set -e
role="$1"
shift
if [ "x$role" = "x" -o "x$1" = "x" ]
then
echo usage: $0 ROLE_ARN AWS_COMMAND ... >&2
exit 1
fi
credentials_fifo=$(mktemp)
rm ${credentials_fifo}
mkfifo ${credentials_fifo}
__cleanup() {
rm ${credentials_fifo}
}
trap __cleanup EXIT
aws sts assume-role \
--role-arn "$role" \
--role-session-name aws-assume-role | \
jq -r '.Credentials.AccessKeyId, .Credentials.SecretAccessKey, .Credentials.SessionToken' >$credentials_fifo &
read -d '\n' access_key_id secret_access_key session_token <$credentials_fifo || true
exec env \
AWS_ACCESS_KEY_ID="$access_key_id" \
AWS_SECRET_ACCESS_KEY="$secret_access_key" \
AWS_SESSION_TOKEN="$session_token" \
aws $@
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment