greylurk/01-instructions.md

## 01-instructions.md

      
    Raw
  

              01-instructions.md
            
          
    Installing


Setup the AWS CLI and add an spscommerce profile with your Dev aws credentials

$ aws configuration add --profile spscommerce


Add the functions.sh to your home directory
Add the following to your ~/.bashrc file

# Set up some useful bash functions
if [ -r $HOME/functions.sh ]; then
  source $HOME/functions.sh
fi

Close that terminal window, and open a new one
Try the "assume_datascience" method, as shown in the output gist


## functions.sh
function assume {
  region=us-east-1
  profile=$1
  role=$2
  token=$3
  if [[ -z "$token" ]]; then
      read -p "TFA Token for $profile: " token
  fi
  duration=900
  if [[ "$4" =~ "^[0-9]\{3,4\}$" ]]; then
    duration=$4
  fi
  username="$(whoami)"
  aws_command="aws --profile $profile --region $region"
  mfa_device="$($aws_command iam list-mfa-devices --query MFADevices[0].SerialNumber --output text)"
  result="$($aws_command sts assume-role --role-arn "$role" --role-session-name "$username" \
    --serial-number "$mfa_device" --token-code "$token" --duration-seconds "$duration" \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' --output text \
  )"
  if [[ $? -ne 0 ]]; then
    echo "Failed to assume role" 1>&2
    return 1;
  else
    export AWS_ACCESS_KEY_ID="`echo $result | awk '{ print $1 }'`"
    export AWS_SECRET_ACCESS_KEY="`echo $result | awk '{ print $2 }'`"
    export AWS_SESSION_TOKEN="`echo $result | awk '{ print $3 }'`"
    echo "Assumed $role on $profile"
    echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID"
    echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY"
    echo "AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN"
    return 0
  fi
}

function assume_datascience {
  assume spscommerce arn:aws:iam::056684691971:role/ds/DSUserRole $1
}

## Output
$ assume_datascience
TFA Token for spscommerce: 123456
Assumed arn:aws:iam::056684691971:role/ds/DSUserRole on spscommerce
AWS_ACCESS_KEY_ID=ASXXXXXXXX
AWS_SECRET_ACCESS_KEY=B9XXXXXXXXXX
AWS_SESSION_TOKEN=<big long ugly string>
$
	function assume {
	region=us-east-1
	profile=$1
	role=$2
	token=$3
	if [[ -z "$token" ]]; then
	read -p "TFA Token for $profile: " token
	fi
	duration=900
	if [[ "$4" =~ "^[0-9]\{3,4\}$" ]]; then
	duration=$4
	fi
	username="$(whoami)"
	aws_command="aws --profile $profile --region $region"
	mfa_device="$($aws_command iam list-mfa-devices --query MFADevices[0].SerialNumber --output text)"
	result="$($aws_command sts assume-role --role-arn "$role" --role-session-name "$username" \
	--serial-number "$mfa_device" --token-code "$token" --duration-seconds "$duration" \
	--query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' --output text \
	)"
	if [[ $? -ne 0 ]]; then
	echo "Failed to assume role" 1>&2
	return 1;
	else
	export AWS_ACCESS_KEY_ID="`echo $result \| awk '{ print $1 }'`"
	export AWS_SECRET_ACCESS_KEY="`echo $result \| awk '{ print $2 }'`"
	export AWS_SESSION_TOKEN="`echo $result \| awk '{ print $3 }'`"
	echo "Assumed $role on $profile"
	echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID"
	echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY"
	echo "AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN"
	return 0
	fi
	}

	function assume_datascience {
	assume spscommerce arn:aws:iam::056684691971:role/ds/DSUserRole $1
	}
	$ assume_datascience
	TFA Token for spscommerce: 123456
	Assumed arn:aws:iam::056684691971:role/ds/DSUserRole on spscommerce
	AWS_ACCESS_KEY_ID=ASXXXXXXXX
	AWS_SECRET_ACCESS_KEY=B9XXXXXXXXXX
	AWS_SESSION_TOKEN=<big long ugly string>
	$