Fetch AWS credentials for CLI usage via Wormhole

aws-wormhole-login.sh

#!/bin/bash
# reconfigure AWS CLI credentials

set -e

function requires() {
    if ! command -v "$1" &>/dev/null; then
        echo "Requires $1"
        exit 1
    fi
}

function usage() {
  echo "Usage: $0 ACCOUNT" >&2
  exit 1
}

function fail() {
  echo error: $@ >&2
  exit 1
}

WORMHOLE_BASE_URL='https://api.example.com'

# CURL="$(brew --prefix curl)/bin/curl"
CURL='curl'

requires jq
requires "${CURL}"
# requires aws

case $1 in
  dev)
    account='123456789012';;
  live)
    account='098765432109';;
  *)
    usage
esac

creds_json=$(${CURL} -s --cert ~/.cert/cert.pem:${CERT_PASS} "${WORMHOLE_BASEURL}/account/${account}/credentials?duration=8h") || fail 'failed to fetch credentials from aws wormhole'

AWS_ACCESS_KEY_ID=$(jq -r '.accessKeyId' <<< "${creds_json}")
AWS_SECRET_ACCESS_KEY=$(jq -r '.secretAccessKey' <<< "${creds_json}")
AWS_SESSION_TOKEN=$(jq -r '.sessionToken' <<< "${creds_json}")
AWS_REGION="eu-west-1"

# Config can be set by exporting vars or setting the default profile using the AWS CLI
# I prefer using vars because not all SDKs correctly use the ~/.aws/credentials config file
export AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY
export AWS_SESSION_TOKEN
export AWS_REGION

# aws configure set aws_access_key_id ${AWS_ACCESS_KEY_ID}
# aws configure set aws_secret_access_key ${AWS_SECRET_ACCESS_KEY}
# aws configure set aws_session_token ${AWS_SESSION_TOKEN}
# aws configure set region ${AWS_REGION}

echo "Got details for access key ${AWS_ACCESS_KEY_ID}"