@ejholmes
Created June 24, 2017 03:43
Get a SessionToken with MFA, then assume role with those credentials.
package main
import (
"fmt"
"log"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/sts"
)
// SerialNumber is the ARN of the MFA device sent as SerialNumber in the
// GetSessionToken request. The value here is a sample; replace it with the
// ARN of the caller's own MFA device.
const SerialNumber = "arn:aws:iam::1234:mfa/user-name"

// RoleARN is the ARN of the role to assume once MFA-backed session
// credentials have been obtained. The value here is a sample.
const RoleARN = "arn:aws:iam::4321:role/Role"
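// main obtains MFA-backed session credentials from STS, uses them to assume
// RoleARN, and prints the resulting role credentials.
//
// The long-lived keys come from the environment (credentials.NewEnvCredentials)
// and are used only for the GetSessionToken call; the AssumeRole call is made
// with the short-lived session credentials.
func main() {
	// session.New is deprecated: it defers configuration errors until the
	// first request. NewSession reports them here instead.
	sess, err := session.NewSession()
	if err != nil {
		log.Fatal(err)
	}

	envCfg := &aws.Config{Credentials: credentials.NewEnvCredentials()}
	sessionTokenCreds, err := getSessionToken(sts.New(sess, envCfg))
	if err != nil {
		log.Fatal(err)
	}
	// Guard the field accesses below: a nil Credentials pointer would
	// otherwise panic instead of producing a readable error.
	if sessionTokenCreds == nil {
		log.Fatal("sts: GetSessionToken returned no credentials")
	}

	// aws.StringValue is nil-safe, so a missing field becomes an empty string
	// and is rejected by STS rather than panicking on dereference.
	mfaCfg := &aws.Config{Credentials: credentials.NewStaticCredentials(
		aws.StringValue(sessionTokenCreds.AccessKeyId),
		aws.StringValue(sessionTokenCreds.SecretAccessKey),
		aws.StringValue(sessionTokenCreds.SessionToken),
	)}
	roleCreds, err := assumeRole(sts.New(sess, mfaCfg))
	if err != nil {
		log.Fatal(err)
	}

	// NOTE(security): this writes the role credentials to stdout. Depending on
	// the SDK version the printed form may include the secret access key and
	// session token, so keep this output out of logs, CI output and terminal
	// recordings, and treat it as secret until the credentials expire.
	fmt.Println(roleCreds)
}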
// getSessionToken reads an MFA code via stscreds.StdinTokenProvider and
// exchanges it, together with the SerialNumber device ARN, for temporary
// session credentials through client.GetSessionToken.
//
// The requested lifetime is 900 seconds, the minimum STS accepts for this
// call. Any error from reading the code or from STS is returned unchanged.
func getSessionToken(client *sts.STS) (*sts.Credentials, error) {
	code, err := stscreds.StdinTokenProvider()
	if err != nil {
		return nil, err
	}

	input := &sts.GetSessionTokenInput{
		DurationSeconds: aws.Int64(900),
		SerialNumber:    aws.String(SerialNumber),
		TokenCode:       aws.String(code),
	}
	out, err := client.GetSessionToken(input)
	if err != nil {
		return nil, err
	}
	return out.Credentials, nil
}
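// assumeRole calls AssumeRole for RoleARN with the given client and returns
// the temporary role credentials, or the STS error unchanged.
//
// main passes a client built from the MFA-backed session credentials. The MFA
// step only protects the role if the role's trust policy requires it (for
// example a condition on aws:MultiFactorAuthPresent); that policy is not
// visible from this code, so verify it on the role itself.
func assumeRole(client *sts.STS) (*sts.Credentials, error) {
	resp, err := client.AssumeRole(&sts.AssumeRoleInput{
		// The session name is recorded in CloudTrail for the assumed-role
		// session. A fixed "test" makes sessions from different callers
		// indistinguishable; prefer a name tied to the caller in real use.
		RoleSessionName: aws.String("test"),
		// 900 seconds is the minimum lifetime STS accepts for AssumeRole.
		DurationSeconds: aws.Int64(900),
		// Fixed: the constant is declared as RoleARN; the original referenced
		// the undefined identifier RoleArn and did not compile.
		RoleArn: aws.String(RoleARN),
	})
	if err != nil {
		return nil, err
	}
	return resp.Credentials, nil
}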
@gglawitsch

At the end of line 55, rename RoleArn to RoleARN.
