Refresh AWS STS credentials
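#!/bin/bash
## Refresh the temporary STS credentials of an assumed-role profile.
##
## Usage: refresh-creds.sh PROFILE SESSION_NAME
##   PROFILE       AWS CLI profile whose current identity is inspected; also
##                 the section name written to ~/.aws/credentials.
##   SESSION_NAME  value passed as --role-session-name for the new session.
##
## WARNING: ~/.aws/credentials is REPLACED as a whole. Any other profile
## stored in that file is lost; only the [PROFILE] section remains.
set -euo pipefail

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

(( $# >= 2 )) || die "usage: ${0##*/} {profile-name} {session-name}"
profile=$1
new_session=$2

## get current sts details
sts=$(aws sts get-caller-identity --profile "$profile")
date
printf 'Current Identity:\n%s\n\n' "$sts"

# An assumed-role ARN looks like
#   arn:PARTITION:sts::ACCOUNT:assumed-role/ROLE/SESSION
# so one jq call plus two splits give every field that is needed.
arn=$(printf '%s' "$sts" | jq -r '.Arn')
IFS=: read -r _ partition _ _ account resource <<<"$arn"
IFS=/ read -r _ role _ <<<"$resource"

# Stop before calling assume-role with a half-built ARN (e.g. jq printed
# "null" or the identity has no "/"-separated resource part).
[[ -n "$partition" && -n "$account" && -n "$role" ]] \
  || die "cannot derive a role ARN from identity: ${arn}"

# NOTE(review): an assumed-role ARN does not carry the role's IAM path, so a
# role created under a path other than "/" yields a wrong role ARN here.
role_arn="arn:${partition}:iam::${account}:role/${role}"

## refresh sts creds
echo "refreshing credentials for ${role_arn} --role-session-name ${new_session}"
# NOTE(review): this call does not pass --profile, so it runs with the default
# credential chain, which may be a different identity from the one inspected
# above. Confirm this is intended before relying on it with a non-default
# profile.
creds=$(aws sts assume-role --role-arn "$role_arn" \
  --role-session-name "$new_session" --duration-seconds 3600)

# printf is a shell builtin, so the secrets never appear in a process
# argument list. Avoid running this script under `set -x`.
ak=$(printf '%s' "$creds" | jq -r '.Credentials.AccessKeyId')
sak=$(printf '%s' "$creds" | jq -r '.Credentials.SecretAccessKey')
tok=$(printf '%s' "$creds" | jq -r '.Credentials.SessionToken')

# jq -r prints the string "null" for a missing key; never overwrite working
# credentials with placeholders.
for value in "$ak" "$sak" "$tok"; do
  [[ -n "$value" && "$value" != "null" ]] \
    || die "assume-role response is missing credential fields; credentials file left untouched"
done

## write to credentials file
cred_dir="${HOME}/.aws"
cred_file="${cred_dir}/credentials"

# Owner-only permissions for everything created below.
umask 077
mkdir -p -- "$cred_dir"

# Build the file next to its destination and rename it into place, so a
# failure part-way through cannot leave a truncated credentials file.
tmp=$(mktemp "${cred_file}.XXXXXX")
trap 'rm -f -- "$tmp"' EXIT

printf '[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n' \
  "$profile" "$ak" "$sak" "$tok" >"$tmp"
mv -f -- "$tmp" "$cred_file"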
./refresh-creds.sh {profile-name} {session-name}
e.g
./refresh-creds.sh default garethTest