@kyontan
Created August 4, 2021 05:40
aws assume-role helper

aws assume-role helper script

Usage

You can either:

  1. Run an aws command with credentials that are already assume-role'ed via: $ assume aws ...
  2. Set the assume-role'ed credentials in the current shell via: eval $(assume)

Settings

You need to set the environment variables below:

  • AWS_ROLE_ARN
    • arn:aws:iam::XXX:role/YYY
  • AWS_ROLE_SESSION_NAME
    • set an appropriate session name
    • e.g. kyontan_via_cli
  • AWS_ACCESS_KEY_ID
  • AWS_SECRET_ACCESS_KEY
  • AWS_SESSION_TOKEN (optional)

#!/bin/sh
# Errors go to stderr: stdout is what `eval $(assume)` executes.
if [ -z "$AWS_ROLE_ARN" ]; then
    echo "set AWS_ROLE_ARN" >&2
    exit 1
fi
if [ -z "$AWS_ROLE_SESSION_NAME" ]; then
    echo "set AWS_ROLE_SESSION_NAME" >&2
    exit 1
fi

# mktemp creates the file with mode 0600; the trap removes it on early exit.
temp=$(mktemp) || exit 1
trap 'rm -f "$temp"' EXIT

# Stop here if the STS call fails, rather than exporting empty credentials.
aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name "$AWS_ROLE_SESSION_NAME" > "$temp" || exit 1

AWS_ACCESS_KEY_ID=$(jq -r ".Credentials.AccessKeyId" "$temp")
AWS_SECRET_ACCESS_KEY=$(jq -r ".Credentials.SecretAccessKey" "$temp")
AWS_SESSION_TOKEN=$(jq -r ".Credentials.SessionToken" "$temp")
rm -f "$temp"

if [ $# -ne 0 ]; then
    # Run the given command with the assumed-role credentials in its
    # environment (exported, so the secrets never appear in an argv).
    export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
    "$@"
else
    # Print export lines for: eval $(assume)
    echo "export AWS_ACCESS_KEY_ID=\"$AWS_ACCESS_KEY_ID\""
    echo "export AWS_SECRET_ACCESS_KEY=\"$AWS_SECRET_ACCESS_KEY\""
    echo "export AWS_SESSION_TOKEN=\"$AWS_SESSION_TOKEN\""
fi