
@garyellis
Last active October 1, 2019 01:16
# Optional: preset the MFA device ARN here (or in the calling shell) so that
# aws_get_temporary_credentials does not prompt for it.
# export AWS_SERIAL_NUMBER=<your-mfa-arn>

# Environment name -> ARN of the IAM role to assume for that environment.
# aws_get_temporary_credentials looks its first argument up in this map.
# The <account> and <assume-role-name> parts are placeholders to fill in.
declare -A iam_roles
iam_roles+=(
  [dev]="arn:aws:iam::<account>:role/<assume-role-name>"
  [qa]="arn:aws:iam::<account>:role/<assume-role-name>"
)
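# Request MFA-backed session credentials from STS and print them on stdout as
# a single line of space-separated NAME=value pairs:
#   AWS_SESSION_TOKEN=... AWS_ACCESS_KEY_ID=... AWS_SECRET_ACCESS_KEY=...
# Arguments:
#   $1 - serial number / ARN of the MFA device
#   $2 - current MFA token code
# Globals:
#   AWS_SESSION_TOKEN, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY are unset in
#   the shell this function runs in before aws is called.
# Returns:
#   non-zero when aws or jq fails (the pipeline runs with pipefail).
function _aws_sts_get_session_token(){
  # Presumably cleared so the request is signed with the long-term credentials
  # from the CLI configuration rather than an earlier temporary session.
  # NOTE(review): confirm this is the intent.
  unset AWS_SESSION_TOKEN AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  (
    # The MFA token code is passed on the aws command line, so xtrace would
    # copy it to stderr (terminal scrollback, CI logs). Tracing is switched
    # off inside this subshell only; the caller's shell options are untouched.
    set +x
    # Without pipefail a failed aws call is hidden behind jq's exit status.
    set -o pipefail
    aws sts get-session-token \
      --serial-number "$1" \
      --token-code "$2" |
      jq -r '.Credentials| "AWS_SESSION_TOKEN="+.SessionToken+" AWS_ACCESS_KEY_ID="+.AccessKeyId+" AWS_SECRET_ACCESS_KEY="+.SecretAccessKey'
  )
}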
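# Assume an IAM role through STS and print the temporary credentials on stdout
# as a single line of space-separated NAME=value pairs:
#   AWS_SESSION_TOKEN=... AWS_ACCESS_KEY_ID=... AWS_SECRET_ACCESS_KEY=...
# Arguments:
#   $1, $2 - accepted so existing callers keep working; not read here
#   $3     - ARN of the role to assume
# Globals:
#   USER (read) - prefix of the role session name ("${USER}-devel")
# Returns:
#   2 when no role ARN is given; otherwise non-zero when aws or jq fails.
function _aws_sts_assume_role(){
  # An empty ARN would make aws read "--role-session-name" as the value of
  # --role-arn, so refuse it before calling out.
  if [ -z "${3:-}" ]; then
    echo "_aws_sts_assume_role: missing role arn" >&2
    return 2
  fi
  (
    # Subshell keeps pipefail local; without it a failed aws call is hidden
    # behind jq's exit status.
    set -o pipefail
    aws sts assume-role \
      --role-arn "$3" \
      --role-session-name "${USER}-devel" |
      jq -r '.Credentials| "AWS_SESSION_TOKEN="+.SessionToken+" AWS_ACCESS_KEY_ID="+.AccessKeyId+" AWS_SECRET_ACCESS_KEY="+.SecretAccessKey'
  )
}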
# get_aws_assume_role_credentials()
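# Export the three AWS credential variables from one line of space-separated
# NAME=value pairs. Anything other than exactly AWS_SESSION_TOKEN,
# AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY with non-empty values is refused,
# so helper output can never export an unexpected variable.
# Arguments: $1 - the credential line
# Returns:   0 when the variables were exported, 1 otherwise
function _aws_export_credentials(){
  local IFS=$' \t\n'
  local -a pairs
  local pair
  read -r -a pairs <<<"$1"
  (( ${#pairs[@]} == 3 )) || return 1
  for pair in "${pairs[@]}"; do
    case "$pair" in
      AWS_SESSION_TOKEN=?*|AWS_ACCESS_KEY_ID=?*|AWS_SECRET_ACCESS_KEY=?*) ;;
      *) return 1 ;;
    esac
  done
  export "${pairs[@]}"
}

# Prompt for an MFA token, obtain an MFA-backed STS session, assume the role
# configured for the given environment, and export the resulting credentials
# into the current shell (they are inherited by every child process started
# from it afterwards).
# Arguments:
#   $1 - environment name, a key of the iam_roles map
# Globals:
#   iam_roles (read), AWS_SERIAL_NUMBER (read; prompted for when empty)
#   AWS_SESSION_TOKEN, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY (exported)
# Returns:
#   2 on a missing argument, 1 on an unknown environment or when either STS
#   call yields no usable credentials, 0 on success.
function aws_get_temporary_credentials(){
  # Kept local so the role ARN, the MFA token code and the raw credential line
  # do not linger as globals in the interactive shell.
  local role_arn TOKEN_CODE creds

  if [ -z "${1:-}" ]; then
    echo "usage: aws_get_temporary_credentials <environment>" >&2
    return 2
  fi
  role_arn=${iam_roles[$1]:-}
  if [ -z "$role_arn" ]; then
    echo "no role arn configured for environment: $1" >&2
    return 1
  fi

  if [ -z "${AWS_SERIAL_NUMBER:-}" ]; then
    local AWS_SERIAL_NUMBER
    echo -n input aws mfa arn:
    read -r -s AWS_SERIAL_NUMBER
    echo
  fi
  echo "aws mfa arn: $AWS_SERIAL_NUMBER"
  echo "role arn: $role_arn"
  echo -n input mfa token:
  read -r -s TOKEN_CODE
  echo

  # The helper output is captured and validated before exporting. A bare
  # `export $(...)` with empty output runs `export` with no arguments, which
  # prints every exported variable of the shell, secrets included.
  creds=$(_aws_sts_get_session_token "$AWS_SERIAL_NUMBER" "$TOKEN_CODE")
  if ! _aws_export_credentials "$creds"; then
    echo "aws sts get-session-token returned no usable credentials" >&2
    return 1
  fi

  # Runs with the session credentials exported just above.
  creds=$(_aws_sts_assume_role "$AWS_SERIAL_NUMBER" "$TOKEN_CODE" "$role_arn")
  if ! _aws_export_credentials "$creds"; then
    echo "aws sts assume-role returned no usable credentials" >&2
    return 1
  fi
}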