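---
# Assume an IAM role in one of the configured accounts (optionally with an
# MFA code) and write the temporary STS credentials into ~/.aws/credentials,
# in a profile section named after the chosen account. Runs on localhost only.
- hosts: localhost
  connection: local
  gather_facts: false
  module_defaults:
    group/aws:
      region: eu-central-1
  vars:
    # Long-lived profile whose IAM user credentials are used to call STS.
    PROFILE: bergholm
    # Requested lifetime of the temporary credentials. STS rejects the call
    # when this exceeds the target role's MaxSessionDuration. Keep it as short
    # as the workflow allows: the credentials are written to disk in plain text.
    DURATION: 36000  # 10h
    # Becomes part of the assumed-role ARN; make it identify the operator/tool.
    SESSION_NAME: mb_test
    # Prompt answer -> AWS account id.
    ACCOUNTS:
      test: "123"
      prod: "456"
  vars_prompt:
    - name: ACCOUNT
      prompt: account you want to assume?
      private: false
      default: test
    - name: ROLE
      prompt: which iam role you want to assume
      private: false
      default: some_role
    - name: TOTP
      prompt: TOTP needed only for iam operations
      private: false
      default: ""
  tasks:
    # Fail early with a clear message instead of an undefined-variable error
    # from ACCOUNTS[ACCOUNT] or from the skipped MFA lookup below.
    - name: validate prompt input
      assert:
        that:
          - ACCOUNT in ACCOUNTS
          - TOTP | length == 0 or TOTP is match('^[0-9]{6}$')
        fail_msg: >-
          ACCOUNT must be one of {{ ACCOUNTS.keys() | list }} and TOTP must be
          empty or exactly six digits
    - name: fetch MFA device info
      iam_mfa_device_info:
        profile: "{{ PROFILE }}"
      register: mfa_devices
      when: TOTP | length == 6
    # NOTE: the registered result holds the new secret key and session token;
    # running with -v prints it. Add no_log: true here if that is a concern,
    # at the cost of losing STS error details on failure.
    - name: assume role
      sts_assume_role:
        profile: "{{ PROFILE }}"
        role_arn: "arn:aws:iam::{{ ACCOUNTS[ACCOUNT] }}:role/{{ ROLE }}"
        role_session_name: "{{ SESSION_NAME }}"
        # Only send the MFA parameters when a code was given. Without this,
        # an empty TOTP skips the lookup above and mfa_devices.mfa_devices is
        # undefined, so the role assumption fails instead of running without MFA.
        mfa_serial_number: "{{ mfa_devices.mfa_devices[0].serial_number if TOTP | length == 6 else omit }}"
        mfa_token: "{{ TOTP if TOTP | length == 6 else omit }}"
        duration_seconds: "{{ DURATION }}"
      register: assumed_role
      notify:
        - save access key
        - save secret key
        - save session token
  handlers:
    # ini_file creates ~/.aws/credentials if it does not exist; mode 0600 keeps
    # it owner-only. The backup made here is a full copy of the previous file,
    # including every other profile's secrets, and accumulates on disk across
    # runs -- prune those copies or set backup: false if that is unwanted.
    - name: save access key
      ini_file:
        path: ~/.aws/credentials
        section: "{{ ACCOUNT }}"
        option: aws_access_key_id
        value: "{{ assumed_role.sts_creds.access_key }}"
        mode: '0600'
        backup: true
    - name: save secret key
      ini_file:
        path: ~/.aws/credentials
        section: "{{ ACCOUNT }}"
        option: aws_secret_access_key
        value: "{{ assumed_role.sts_creds.secret_key }}"
        mode: '0600'
      # Keep the secret out of verbose task output.
      no_log: true
    - name: save session token
      ini_file:
        path: ~/.aws/credentials
        section: "{{ ACCOUNT }}"
        option: aws_session_token
        value: "{{ assumed_role.sts_creds.session_token }}"
        mode: '0600'
      # Keep the token out of verbose task output.
      no_log: true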