Last active
April 14, 2021 10:57
-
-
Save igilham/719180ee450bf76bdb78e9f8e71b759c to your computer and use it in GitHub Desktop.
Fetch AWS credentials for CLI usage via Wormhole
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# reconfigure AWS CLI credentials | |
set -e | |
function requires() { | |
if ! command -v "$1" &>/dev/null; then | |
echo "Requires $1" | |
exit 1 | |
fi | |
} | |
function usage() { | |
echo "Usage: $0 ACCOUNT" >&2 | |
exit 1 | |
} | |
function fail() { | |
echo error: $@ >&2 | |
exit 1 | |
} | |
WORMHOLE_BASE_URL='https://api.example.com' | |
# CURL="$(brew --prefix curl)/bin/curl" | |
CURL='curl' | |
requires jq | |
requires "${CURL}" | |
# requires aws | |
case $1 in | |
dev) | |
account='123456789012';; | |
live) | |
account='098765432109';; | |
*) | |
usage | |
esac | |
creds_json=$(${CURL} -s --cert ~/.cert/cert.pem:${CERT_PASS} "${WORMHOLE_BASEURL}/account/${account}/credentials?duration=8h") || fail 'failed to fetch credentials from aws wormhole' | |
AWS_ACCESS_KEY_ID=$(jq -r '.accessKeyId' <<< "${creds_json}") | |
AWS_SECRET_ACCESS_KEY=$(jq -r '.secretAccessKey' <<< "${creds_json}") | |
AWS_SESSION_TOKEN=$(jq -r '.sessionToken' <<< "${creds_json}") | |
AWS_REGION="eu-west-1" | |
# Config can be set by exporting vars or setting the default profile using the AWS CLI | |
# I prefer using vars because not all SDKs correctly use the ~/.aws/credentials config file | |
export AWS_ACCESS_KEY_ID | |
export AWS_SECRET_ACCESS_KEY | |
export AWS_SESSION_TOKEN | |
export AWS_REGION | |
# aws configure set aws_access_key_id ${AWS_ACCESS_KEY_ID} | |
# aws configure set aws_secret_access_key ${AWS_SECRET_ACCESS_KEY} | |
# aws configure set aws_session_token ${AWS_SESSION_TOKEN} | |
# aws configure set region ${AWS_REGION} | |
echo "Got details for access key ${AWS_ACCESS_KEY_ID}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment