AssumeRoleテスト用のS3アップロードスクリプト

Gemfile

# A sample Gemfile
source "https://rubygems.org"

gem 'aws-sdk', '< 2.0'

s3up_by_assume_role.rb

require 'aws-sdk'
require 'optparse'

options = {}
OptionParser.new do |opt|
  opt.on('-r', '--region=VALUE', 'リージョン') { |v| options[:region] = v }
  opt.on('-b', '--backet=VALUE', 's3バケット名') { |v| options[:backet] = v }
  opt.on('-a', '--role-arn=VALUE', 'IAMロールのARN') { |v| options[:role_arn] = v }
  opt.on('-k', '--s3-object-key=VALUE', 'アップロードするオブジェクトのキー') { |v| options[:s3_object_key] = v }
  opt.parse!(ARGV)
end

AWS.config(region: options[:region])
bucket_name = options[:backet]
object_name = options[:s3_object_key]
upload_policy = AWS::STS::Policy.new do |policy|
  policy.allow( actions: ['s3:PutObject', 's3:PutObjectAcl'], resources: "arn:aws:s3:::#{bucket_name}/#{object_name}")
end
upload_session = AWS::STS.new.assume_role(role_arn: options[:role_arn],
                                          role_session_name: "test",
                                          policy: upload_policy.to_json)

#AWS::STS.new.new_federated_session("user_name", policy: upload_policy)

s3 = AWS::S3.new(upload_session[:credentials])
bucket = s3.buckets[bucket_name]
object = bucket.objects[object_name].write(file: __FILE__, acl: :public_read)