@innyso
Last active January 12, 2021 11:41
#aws #config #cli #assumerole

Setting up aws cli with assume role

Let's say we have a tools account that we log in to and assume roles from

  1. Run aws configure --profile tools and follow the prompts to set up the initial AWS configuration files

  2. Open ~/.aws/config and add the following

[profile tools]
region = ap-southeast-2

[profile dev-readonly]
region = ap-southeast-2
role_arn = arn:aws:iam::123456:role/readonly
source_profile = tools

[profile dev-admin]
region = ap-southeast-2
role_arn = arn:aws:iam::123456:role/admin
source_profile = tools

[profile stg-readonly]
region = ap-southeast-2
role_arn = arn:aws:iam::6784246:role/readonly
source_profile = tools

[profile stg-admin]
region = ap-southeast-2
role_arn = arn:aws:iam::6784246:role/admin
source_profile = tools
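
A quick offline check for a config laid out like the one above, as an added example that is not part of the original gist: it parses the file and flags role profiles whose source_profile is not defined, whose role_arn is not a well-formed IAM role ARN (real account IDs are 12 digits; the ones on this page are shortened placeholders), or that assume a role without mfa_serial. The audit function, the sample account IDs and user name, and the choice to flag a missing mfa_serial are assumptions of this example.

```python
import configparser
import re

# Role ARN shape: arn:<partition>:iam::<12-digit account id>:role/<path/name>
ROLE_ARN = re.compile(r"^arn:aws[\w-]*:iam::\d{12}:role/[\w+=,.@/-]+$")

# Constructed sample in ~/.aws/config layout; account ids and user are made up.
SAMPLE = """\
[profile tools]
region = ap-southeast-2

[profile dev-readonly]
role_arn = arn:aws:iam::111111111111:role/readonly
source_profile = tools

[profile dev-admin]
role_arn = arn:aws:iam::111111111111:role/admin
source_profile = tools
mfa_serial = arn:aws:iam::222222222222:mfa/alice

[profile stg-admin]
role_arn = arn:aws:iam::6784246:role/admin
source_profile = tool
"""

def audit(config_text):
    """Return sorted (profile, finding) pairs for role-assuming profiles."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(config_text)
    # Sections are named "profile <name>"; [default] carries no prefix.
    profiles = {(s[8:] if s.startswith("profile ") else s): cp[s] for s in cp.sections()}
    findings = []
    for name, p in profiles.items():
        if "role_arn" not in p:
            continue  # plain credential profile, no role to assume
        if not ROLE_ARN.match(p["role_arn"]):
            findings.append((name, "role_arn is not a valid IAM role ARN"))
        src = p.get("source_profile")
        if src is None and "credential_source" not in p:
            findings.append((name, "no source_profile or credential_source"))
        elif src is not None and src not in profiles:
            findings.append((name, f"source_profile '{src}' is not defined"))
        if "mfa_serial" not in p:
            findings.append((name, "role assumed without mfa_serial"))
    return sorted(findings)

if __name__ == "__main__":
    for profile, finding in audit(SAMPLE):
        print(f"{profile}: {finding}")
```

To check a real file, pass its contents to audit, for example the text read from ~/.aws/config.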

using aws cli

To use the above with aws cli, let's say we want to list all the ec2 instances in dev as a readonly user

aws ec2 describe-instances --profile dev-readonly

using tools that require AWS environment variables to be set

Use the assume-role tool (see References) to set the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN environment variables

eval $(assume-role dev-readonly)
export AWS_DEFAULT_REGION=ap-southeast-2

References

https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html

https://github.com/remind101/assume-role
