@bjjb
Created April 11, 2020 17:41
Assume an AWS role with an MFA token
# awsume
# Usage: awsume ROLENAME
# It uses the _current_ AWS profile (set as an env-var or the default) to get
# the user's ARN and associated MFA devices, then it asks for a token code,
# sends the `aws sts assume-role` call to AWS, and exports the resulting session.
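#!/usr/bin/env bash
# Source this file: the function must run in the current shell for the exports to persist.
awsume() {
  local user role serial token creds
  # ARN of the calling IAM user, e.g. arn:aws:iam::<account-id>:user/<name>
  user="$(aws sts get-caller-identity --query 'Arn' --output text)" || return 1
  # Strip the trailing ":user/<name>" and build the role ARN in the same account
  role="${user%:*}:role/${1?Usage: awsume ROLENAME}"
  # Serial number of the user's first registered MFA device
  serial="$(aws iam list-mfa-devices --query 'MFADevices[0].SerialNumber' --output text)" || return 1
  read -r -p "To assume $role, enter a token for $serial: " token
  # Request temporary credentials; on failure, return without touching the environment
  creds="$(aws sts assume-role \
    --role-arn "$role" \
    --serial-number "$serial" \
    --role-session-name 'awsumed' \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
    --output text --token-code "$token")" || return 1
  read -r AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN <<< "$creds"
  export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
}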
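
The `${user%:*}:role/...` derivation only yields a valid role ARN when the caller is an IAM user; a caller that is already an assumed role (for example a second run in a shell where the exported session is in effect) has an `arn:aws:sts::...:assumed-role/...` ARN and would produce a bogus `sts` role ARN. The following is an added example, not part of the gist: `role_arn_for` is a hypothetical helper that performs the same derivation but validates the caller ARN and role name first. The ARNs in the comments are constructed samples.

```shell
# role_arn_for CALLER_ARN ROLENAME  (hypothetical helper, not part of the gist)
# Prints arn:<partition>:iam::<account>:role/<ROLENAME>, or fails with status 2.
# Possible use inside awsume:  role="$(role_arn_for "$user" "$1")" || return 1
# The body runs in a subshell, so the IFS and globbing changes do not leak out.
role_arn_for() (
  caller=$1 name=$2
  # IAM role names use only these characters; '/' is accepted for a role path.
  case $name in
    ''|*[!A-Za-z0-9+=,.@_/-]*) echo "invalid role name: '$name'" >&2; exit 2 ;;
  esac
  # Split arn:partition:service:region:account:resource on ':' (globbing off).
  set -f; IFS=:
  set -- $caller
  [ $# -eq 6 ] || { echo "not a 6-field ARN: $caller" >&2; exit 2; }
  # Only an IAM user identity is a valid starting point for this derivation,
  # e.g. arn:aws:iam::123456789012:user/alice (constructed sample).
  case "$1:$3:$4:$6" in
    arn:iam::user/?*) ;;
    *) echo "caller is not an IAM user: $caller" >&2; exit 2 ;;
  esac
  case $2 in aws|aws-*) ;; *) echo "unknown partition: $2" >&2; exit 2 ;; esac
  # Account IDs are exactly 12 digits.
  case $5 in *[!0-9]*) echo "bad account id: $5" >&2; exit 2 ;; esac
  [ ${#5} -eq 12 ] || { echo "bad account id: $5" >&2; exit 2; }
  printf 'arn:%s:iam::%s:role/%s\n' "$2" "$5" "$name"
)
```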