Fetch AWS STS keys and set environment variables
#!/bin/zsh
# Fetch 24-hour AWS STS session token and set appropriate environment variables.
# See http://docs.aws.amazon.com/cli/latest/reference/sts/get-session-token.html.
# You must have jq installed and in your PATH: https://stedolan.github.io/jq/.
# Add this function to your .bashrc, or save it to a file and source that file from .bashrc.
# Online: https://gist.github.com/hovissimo/c9119820a5a4f5a6081d93f87f1688b4
# Adapted from https://gist.github.com/ddgenome/f13f15dd01fb88538dd6fac8c7e73f8c
#
# usage: aws-creds AWS_PROFILE MFA_TOKEN [OTHER_AWS_STS_GET-SESSION-TOKEN_OPTIONS...]
# example: aws-creds staging 123456
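#######################################
# Extract one field of the `sts get-session-token` JSON response.
# Arguments: $1 - name of the shell variable being filled (for messages only)
#            $2 - field name under .Credentials (e.g. AccessKeyId)
#            $3 - the JSON document
# Outputs:   the field value on stdout; a diagnostic on stderr on failure
# Returns:   jq's status when the field is missing or null, 1 when it is
#            present but empty, 0 otherwise
#######################################
_aws_creds_field() {
  local var=$1 field=$2 json=$3 value rv
  value=$(printf '%s' "$json" | jq --exit-status --raw-output ".Credentials.${field}")
  rv=$?
  # jq --exit-status only rejects null/false, so an empty string needs its own
  # check; otherwise we would report failure and still return 0.
  if (( rv == 0 )) && [[ -z $value ]]; then
    rv=1
  fi
  if (( rv != 0 )); then
    # Deliberately does not print the JSON: it carries the secret access key.
    printf 'aws-creds: failed to parse output for %s (jq status %s)\n' "$var" "$rv" >&2
    return "$rv"
  fi
  printf '%s' "$value"
}

#######################################
# Fetch a 24-hour STS session token for a profile and export it into the
# current shell (the function is meant to be sourced, not run as a script).
# Globals:   AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN (written
#            and exported)
# Arguments: $1 - AWS profile name
#            $2 - MFA token code
#            $3.. - extra options passed through to `sts get-session-token`
# Outputs:   the three assignments plus an `export` line on stdout (this
#            includes the secret key); diagnostics on stderr
# Returns:   99 on missing arguments, 1 when the profile has no aws_mfa_arn,
#            the aws/jq status on other failures (never 0 on a failure path)
#######################################
aws-creds() {
  local pkg=aws-creds
  if [[ -z ${1:-} ]]; then
    printf '%s: missing required argument: AWS_PROFILE\n' "$pkg" >&2
    return 99
  fi
  if [[ -z ${2:-} ]]; then
    printf '%s: missing required argument: MFA_TOKEN\n' "$pkg" >&2
    return 99
  fi
  local AWS_PROFILE=$1 MFA_TOKEN=$2

  # De-export any previous session credentials before calling the CLI
  # (presumably so exported session keys cannot shadow the profile's own
  # keys). `-g` matters: inside a function a bare `typeset` declares a new
  # *local* (bash; zsh appears to behave the same), so the `export` at the end
  # would only export locals that disappear when the function returns.
  # Requires bash 4.2+ for `-g`.
  typeset -g +x AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN

  local AWS_MFA_ARN
  AWS_MFA_ARN=$(aws --profile "$AWS_PROFILE" configure get aws_mfa_arn)
  if [[ -z $AWS_MFA_ARN ]]; then
    printf '%s: failed to get aws_mfa_arn from profile %s\n' "$pkg" "$AWS_PROFILE" >&2
    return 1
  fi

  local -r duration_seconds=86400  # 24 hours; see the STS docs linked above
  local rv creds_json
  creds_json=$(aws --profile "$AWS_PROFILE" --output json sts get-session-token \
    --duration-seconds "$duration_seconds" --serial-number "$AWS_MFA_ARN" \
    --token-code "$MFA_TOKEN" "${@:3}")
  rv=$?
  # An empty response with status 0 is still a failure and must not return 0.
  if (( rv != 0 )) || [[ -z $creds_json ]]; then
    (( rv != 0 )) || rv=1
    printf '%s: failed to get credentials: %s\n' "$pkg" "$creds_json" >&2
    return "$rv"
  fi

  # Each helper call prints its own diagnostic; `$?` here is the helper's status.
  AWS_ACCESS_KEY_ID=$(_aws_creds_field AWS_ACCESS_KEY_ID AccessKeyId "$creds_json") || return $?
  AWS_SECRET_ACCESS_KEY=$(_aws_creds_field AWS_SECRET_ACCESS_KEY SecretAccessKey "$creds_json") || return $?
  AWS_SESSION_TOKEN=$(_aws_creds_field AWS_SESSION_TOKEN SessionToken "$creds_json") || return $?

  export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
  # Also print the assignments, presumably so they can be pasted or eval'd in
  # another shell. Note that this writes the secret key to stdout.
  printf 'AWS_ACCESS_KEY_ID=%s; AWS_SECRET_ACCESS_KEY=%s; AWS_SESSION_TOKEN=%s; export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN\n' \
    "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY" "$AWS_SESSION_TOKEN"
}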