export-temp-credentials.py

import configparser
import os
import boto3
import sys
import random
import string

def fail(msg):
   sys.stderr.write("{}\n".format(msg))
   sys.exit(1)

aws_profile = os.getenv("AWS_DEFAULT_PROFILE")
for x in ["AWS_ACCESS_KEY_ID", "AWS_SESSION_TOKEN", "AWS_SECRET_ACCESS_KEY"]:
   if x in os.environ:
      os.environ.pop(x)

if not aws_profile:
   fail("'AWS_DEFAULT_PROFILE' must be set")

def getTemporaryCredentials():
    config = configparser.ConfigParser()
    config.read(os.path.expanduser("~/.aws/config"))
    profile = config["profile {}".format(aws_profile)]
    role_arn = profile["role_arn"]
    client = boto3.client('sts')
    random_postfix = ''.join(random.choice(string.ascii_uppercase +
                                           string.digits) for _ in range(6))
    credentials = client.assume_role(
          RoleArn=role_arn,
          RoleSessionName="TempBuildSession{}".format(random_postfix)
    )
    return credentials["Credentials"]

def printTemporaryCredentials(credentials):
    print("""
export AWS_ACCESS_KEY_ID={AccessKeyId}
export AWS_SECRET_ACCESS_KEY={SecretAccessKey}
export AWS_SESSION_TOKEN={SessionToken}
""".format(**credentials))

if __name__ == '__main__':
   creds = getTemporaryCredentials()
   printTemporaryCredentials(creds)

Call like:

 eval $(python export-temp-credentials.py)