Let's say we have a tools account whose long-lived IAM user keys are the only static credentials we keep on the workstation; everything else is reached by assuming a role from that account.

Run

aws configure --profile tools

and follow the prompts. This writes the access key pair for the tools profile to ~/.aws/credentials and a matching [profile tools] stanza to ~/.aws/config.
Open ~/.aws/config and add the role profiles below. Each one names the role to assume (role_arn) and the profile whose credentials are used to call sts:AssumeRole (source_profile). The account IDs are placeholders; real AWS account IDs are 12 digits.
[profile tools]
region = ap-southeast-2
[profile dev-readonly]
region = ap-southeast-2
role_arn = arn:aws:iam::123456:role/readonly
source_profile = tools
[profile dev-admin]
region = ap-southeast-2
role_arn = arn:aws:iam::123456:role/admin
source_profile = tools
[profile stg-readonly]
region = ap-southeast-2
role_arn = arn:aws:iam::6784246:role/readonly
source_profile = tools
[profile stg-admin]
region = ap-southeast-2
role_arn = arn:aws:iam::6784246:role/admin
source_profile = tools
With this in place the CLI assumes the role for you whenever a role profile is selected and caches the temporary credentials under ~/.aws/cli/cache until they expire. For example, to list all the EC2 instances in dev with the readonly role:

aws ec2 describe-instances --profile dev-readonly
Some tools only read credentials from the environment and ignore ~/.aws/config. For those, the assume-role helper tool calls STS for the named profile and prints export statements for AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN, which you eval into the current shell:

eval $(assume-role dev-readonly)
export AWS_DEFAULT_REGION=ap-southeast-2

These are temporary credentials: the session token expires (one hour by default for sts:AssumeRole), after which the eval has to be rerun. They also override the default profile for every process started from that shell until you unset them, so unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN when you are done with the role. The full list of environment variables the CLI honours is at
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html
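As an added example (not code from the page or from the assume-role project), here is a bash equivalent of what the eval line relies on: read role_arn and source_profile for a profile out of ~/.aws/config, call sts:AssumeRole with the source profile's credentials, and print export lines for the three credential variables plus the region. The function names (ini_get, creds_to_exports, assume_role_env) are hypothetical, and the layout of ~/.aws/config is assumed to be the one shown above.

```bash
#!/usr/bin/env bash
# Manual equivalent of `eval $(assume-role <profile>)`.
# Added example; function names are hypothetical, not the assume-role tool's interface.
set -eu

# Read one key from the [profile NAME] section of an INI-style AWS config file.
# Usage: ini_get FILE PROFILE KEY   (prints nothing if the key is absent)
ini_get() {
  awk -v want="[profile $2]" -v key="$3" '
    /^\[/ { insec = ($0 == want); next }
    insec && $1 == key && $2 == "=" { print $3; exit }
  ' "$1"
}

# Turn the tab-separated line that `aws sts assume-role --output text` prints for
# --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken,Expiration]'
# into export statements. Rejects input with any of the three secrets missing.
creds_to_exports() {
  local akid secret token expiry
  IFS=$'\t' read -r akid secret token expiry <<<"$1"
  if [ -z "$akid" ] || [ -z "$secret" ] || [ -z "$token" ]; then
    echo "creds_to_exports: incomplete credential set" >&2
    return 1
  fi
  # %q shell-quotes the values so the output is safe to eval
  printf 'export AWS_ACCESS_KEY_ID=%q\n' "$akid"
  printf 'export AWS_SECRET_ACCESS_KEY=%q\n' "$secret"
  printf 'export AWS_SESSION_TOKEN=%q\n' "$token"
  printf '# session credentials expire at %s\n' "$expiry"
}

# Resolve PROFILE from $AWS_CONFIG_FILE (default ~/.aws/config), assume its role
# using the source profile's credentials, and print export lines.
# Usage: eval "$(assume_role_env dev-readonly)"
assume_role_env() {
  local profile=$1 cfg=${AWS_CONFIG_FILE:-$HOME/.aws/config}
  local role_arn src region creds
  role_arn=$(ini_get "$cfg" "$profile" role_arn)
  src=$(ini_get "$cfg" "$profile" source_profile)
  region=$(ini_get "$cfg" "$profile" region)
  if [ -z "$role_arn" ] || [ -z "$src" ]; then
    echo "assume_role_env: profile '$profile' has no role_arn/source_profile in $cfg" >&2
    return 1
  fi
  # The session name shows up in CloudTrail, so make it identify the operator.
  creds=$(aws sts assume-role \
    --profile "$src" \
    --role-arn "$role_arn" \
    --role-session-name "${USER:-cli}-$profile" \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken,Expiration]' \
    --output text)
  creds_to_exports "$creds"
  if [ -n "$region" ]; then
    printf 'export AWS_DEFAULT_REGION=%q\n' "$region"
  fi
}
```

After the eval, `aws sts get-caller-identity` should report an assumed-role ARN (arn:aws:sts::123456:assumed-role/readonly/...) rather than the tools IAM user; if it still shows the user, the export did not take effect in the shell you are in.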