
@kgorskowski
Created August 24, 2016 15:21
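#!/bin/bash
#
# Run aws, terraform or packer with temporary admin credentials obtained from
# `aws sts assume-role`.
#
# Usage:
#   <this-script> <Account1|Account2|Account3|account-id> [aws|terraform|packer [args...]]
#
# The temporary credentials are passed to the wrapped tool as per-command
# environment variables only; they are not exported into this shell.
# Requires: aws CLI, jq.

# --- Site-specific placeholders: replace before use --------------------------
ROLE_NAME="your-admin-role-name"       # placeholder: role to assume
MFA_SERIAL="ARN of your MFA Device"    # placeholder: ARN of your MFA device
PROFILE="admin"                        # credential profile used to call STS
SESSION_NAME="adminsession"

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

ADMIN_ACC_ID=${1:-}
# A pre-set MFA_KEY / AWS_REGION from the environment is honoured, as before.
MFA_KEY=${MFA_KEY:-}
AWS_REGION=${AWS_REGION:-}

case "$ADMIN_ACC_ID" in
  'Account1')
    ADMIN_ACC_ID=1234567890
    AWS_REGION=eu-central-1
    ;;
  'Account2')
    # This account's role requires MFA: ask for the current token code.
    echo "Aktuellen MFA Key eingeben:"
    read -r MFA_KEY
    ADMIN_ACC_ID=1234567890
    AWS_REGION=eu-west-1
    ;;
  'Account3')
    ADMIN_ACC_ID=1234567890
    AWS_REGION=us-west-1
    ;;
  *)
    # Anything else is used verbatim as the account id inside the role ARN,
    # so accept digits only instead of interpolating arbitrary text.
    [[ "$ADMIN_ACC_ID" =~ ^[0-9]+$ ]] \
      || die "usage: ${0##*/} <Account1|Account2|Account3|account-id> [aws|terraform|packer [args...]]"
    ;;
esac

# Reject an unsupported command before any credentials are requested.
case "${2:-}" in
  '' | 'aws' | 'terraform' | 'packer') ;;
  *) die "unsupported command '${2}': expected aws, terraform or packer" ;;
esac

# Build the STS call as an array so that no value is word-split or globbed.
assume_args=(
  --role-arn "arn:aws:iam::${ADMIN_ACC_ID}:role/${ROLE_NAME}"
  --role-session-name "${SESSION_NAME}"
  --profile "${PROFILE}"
)
if [[ -n "$MFA_KEY" ]]; then
  assume_args+=(--serial-number "${MFA_SERIAL}" --token-code "${MFA_KEY}")
fi

# Fail closed: if the role cannot be assumed, stop here. Running the wrapped
# tool with empty credential variables could let it fall back to whatever
# other credentials it finds and act on a different account than intended.
json=$(aws sts assume-role "${assume_args[@]}") \
  || die "aws sts assume-role failed; not running any command"

# '// empty' turns a missing field into an empty string instead of "null".
ACCESS_KEY=$(jq --raw-output '.Credentials.AccessKeyId // empty' <<<"$json")
SECRET_KEY=$(jq --raw-output '.Credentials.SecretAccessKey // empty' <<<"$json")
SESSION_TOKEN=$(jq --raw-output '.Credentials.SessionToken // empty' <<<"$json")
if [[ -z "$ACCESS_KEY" || -z "$SECRET_KEY" || -z "$SESSION_TOKEN" ]]; then
  die "assume-role response contained no usable credentials; not running any command"
fi

# Only the access key id is printed; the secret key and the session token
# must never be echoed or logged.
echo "retrieved temporary access key ${ACCESS_KEY} for Admin Account ID ${ADMIN_ACC_ID}"

shift
case "${1:-}" in
  'aws')
    # Append --region only when one is known; a bare --region is an error.
    if [[ -n "$AWS_REGION" ]]; then
      AWS_ACCESS_KEY_ID="${ACCESS_KEY}" AWS_SECRET_ACCESS_KEY="${SECRET_KEY}" \
        AWS_SESSION_TOKEN="${SESSION_TOKEN}" "$@" --region "${AWS_REGION}"
    else
      AWS_ACCESS_KEY_ID="${ACCESS_KEY}" AWS_SECRET_ACCESS_KEY="${SECRET_KEY}" \
        AWS_SESSION_TOKEN="${SESSION_TOKEN}" "$@"
    fi
    ;;
  'terraform' | 'packer')
    AWS_ACCESS_KEY_ID="${ACCESS_KEY}" AWS_SECRET_ACCESS_KEY="${SECRET_KEY}" \
      AWS_SESSION_TOKEN="${SESSION_TOKEN}" "$@"
    ;;
esac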