To use this script, set environment variables below:
AWS_ROLE_ARN=arn:aws:iam::XXX:role/XXX
AWS_ROLE_SESSION_NAME=a_role_accessed_from_cli
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=
When use with envchain, you can do:
eval $(envchain some-role assume)
envchain some-role assume aws ...
| #!/bin/sh | |
| if [ "x$AWS_ROLE_ARN" = "x" ]; then | |
| echo "set AWS_ROLE_ARN" | |
| exit 1 | |
| fi | |
| if [ "x$AWS_ROLE_SESSION_NAME" = "x" ]; then | |
| echo "set AWS_ROLE_SESSION_NAME" | |
| exit 1 | |
| fi | |
| temp=$(mktemp) | |
| aws sts assume-role --role-arn $AWS_ROLE_ARN --role-session-name $AWS_ROLE_SESSION_NAME > $temp | |
| AWS_ACCESS_KEY_ID=$(cat $temp | jq -r ".Credentials.AccessKeyId") | |
| AWS_SECRET_ACCESS_KEY=$(cat $temp | jq -r ".Credentials.SecretAccessKey") | |
| AWS_SESSION_TOKEN=$(cat $temp | jq -r ".Credentials.SessionToken") | |
| rm $temp | |
| if [ $# -ne 0 ]; then | |
| env AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN $@ | |
| else | |
| echo export AWS_ACCESS_KEY_ID=\"$AWS_ACCESS_KEY_ID\" | |
| echo export AWS_SECRET_ACCESS_KEY=\"$AWS_SECRET_ACCESS_KEY\" | |
| echo export AWS_SESSION_TOKEN=\"$AWS_SESSION_TOKEN\" | |
| fi |