@iamgeef
Last active July 22, 2023 00:48
Refresh AWS STS credentials
#!/bin/bash
## usage: ./refresh-creds.sh <profile-name> [session-name]
set -e
profile="${1:?profile name required}"
## get current sts details
sts=$(aws sts get-caller-identity --profile "$profile")
date
echo "Current Identity:
$sts
"
## the caller must be an assumed-role session: arn:aws:sts::<account>:assumed-role/<role>/<session>
arn=$(echo "$sts" | jq -r .Arn)
account=$(echo "$arn" | awk '{split($0, a, ":"); print a[5]}')
role=$(echo "$arn" | awk '{split($0, a, ":"); print a[6]}' | awk '{split($0, a, "/"); print a[2]}')
## second argument is the new session name; default to the current session name when it is omitted
session_name="${2:-$(echo "$arn" | awk '{split($0, a, ":"); print a[6]}' | awk '{split($0, a, "/"); print a[3]}')}"
## refresh sts creds by assuming the same role again (role chaining caps the session at 1 hour);
## assume-role runs under the default credential chain, not under $profile
echo "refreshing credentials for arn:aws:iam::${account}:role/${role} --role-session-name ${session_name}"
creds=$(aws sts assume-role --role-arn "arn:aws:iam::${account}:role/${role}" --role-session-name "$session_name" --duration-seconds 3600)
ak=$(echo "$creds" | jq -r .Credentials.AccessKeyId)
sak=$(echo "$creds" | jq -r .Credentials.SecretAccessKey)
tok=$(echo "$creds" | jq -r .Credentials.SessionToken)
## write to credentials file: update only this profile instead of truncating the whole file,
## so other profiles in ~/.aws/credentials survive
aws configure set --profile "$profile" aws_access_key_id "$ak"
aws configure set --profile "$profile" aws_secret_access_key "$sak"
aws configure set --profile "$profile" aws_session_token "$tok"
iamgeef commented Aug 13, 2021

  1. Obtain sts credentials via your usual method
  2. ./refresh-creds.sh {profile-name} {session-name}
     e.g.
     ./refresh-creds.sh default garethTest
> ./refresh-creds.sh default garethTest
Sat 22 Jul 2023 10:38:15 AEST
Current Identity:
{
    "UserId": "AROABCDABCD1234ABCD:my-role",
    "Account": "123456789012",
    "Arn": "arn:aws:sts::123456789012:assumed-role/my-role/garethTest"
}

refreshing credentials for arn:aws:iam::1234567789012:role/my-role --role-session-name garethTest
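The same refresh in Python, added here as an example and not part of the gist: it parses the assumed-role ARN into account, role and session (rejecting IAM-user ARNs, which cannot be re-assumed this way), re-assumes the role, and updates only the target profile in the credentials file so other profiles are not wiped. The STS call is passed in as a callable (for example `boto3.client("sts").assume_role`) so the code runs offline; `write_profile` and the file layout are this example's own assumptions.

```python
import configparser
import os
from typing import Callable, Dict, Optional, Tuple


def parse_assumed_role_arn(arn: str) -> Tuple[str, str, str]:
    """Split arn:aws:sts::<account>:assumed-role/<role>/<session> into its three parts."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[2] != "sts":
        raise ValueError(f"not an STS ARN: {arn}")
    resource = parts[5].split("/")
    if len(resource) != 3 or resource[0] != "assumed-role":
        raise ValueError(f"not an assumed-role ARN, cannot self-assume: {arn}")
    return parts[4], resource[1], resource[2]


def refresh(identity_arn: str, assume_role: Callable[..., Dict],
            session_name: Optional[str] = None, duration: int = 3600) -> Dict[str, str]:
    """Re-assume the role named in the current identity ARN and return credentials-file keys."""
    account, role, current_session = parse_assumed_role_arn(identity_arn)
    resp = assume_role(
        RoleArn=f"arn:aws:iam::{account}:role/{role}",
        RoleSessionName=session_name or current_session,  # keep the old session name by default
        DurationSeconds=duration,  # role chaining limits this to 1 hour
    )
    c = resp["Credentials"]
    return {
        "aws_access_key_id": c["AccessKeyId"],
        "aws_secret_access_key": c["SecretAccessKey"],
        "aws_session_token": c["SessionToken"],
    }


def write_profile(path: str, profile: str, creds: Dict[str, str]):
    """Update one [profile] section in place; every other section in the file is preserved."""
    cfg = configparser.ConfigParser(interpolation=None)  # secrets may contain '%'
    cfg.read(path)
    if not cfg.has_section(profile):
        cfg.add_section(profile)
    for key, value in creds.items():
        cfg.set(profile, key, value)
    with open(path, "w") as f:
        cfg.write(f)
    os.chmod(path, 0o600)  # credentials file should be readable by the owner only
    return cfg.sections()
```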
