Skip to content

Instantly share code, notes, and snippets.

@mortalius
Created September 4, 2020 12:43
Show Gist options
  • Save mortalius/82d74046b30e871b19497e236549db1f to your computer and use it in GitHub Desktop.
Save mortalius/82d74046b30e871b19497e236549db1f to your computer and use it in GitHub Desktop.
Set Profile scripts
#!/bin/bash
unset AWS_PROFILE
unset AWS_DEFAULT_REGION
PROFILE=$1
REGION=$(aws --profile $PROFILE configure get region)
REGION=${REGION:-us-east-1}
echo export AWS_PROFILE=${PROFILE}
export AWS_PROFILE=${PROFILE}
echo export AWS_DEFAULT_REGION=${REGION}
export AWS_DEFAULT_REGION=${REGION}
echo Checkin\'
aws sts get-caller-identity --output text 2>/dev/null
if [ ! $? -eq 0 ]; then
printf "\033[31m%-13s\033[0m %s\n" "ERROR: Wrong profile!"
unset AWS_PROFILE
unset AWS_DEFAULT_REGION
GuessProfiles=$(cat ~/.aws/credentials | grep '\[' | grep -Po "[\w\d\-\_]+" | grep $PROFILE)
if [[ ! -z "$GuessProfiles" ]]; then
echo "You might have meant one of that:"
for p in $GuessProfiles; do echo " - $p"; done
fi
else
aws iam list-account-aliases --output text
echo !!! Make sure to SOURCE this script !!!
fi
#!/bin/bash
# Generates temporary credentials for MFA enabled account (defined in SOURCE_PROFILE)
# and saves it as AWS profile specified in TARGET_PROFILE
set -e
if [ $# -eq 0 ]; then
echo "Usage: $0 <mfa_code>"
exit 1
fi
TOKEN_CODE=$1
MFA_DEVICE_ARN="arn:aws:iam::1234567890123:mfa/john.doe"
SOURCE_PROFILE="main-profile-name-with-static-access-secret-keys"
TARGET_PROFILE="profile-name-with-temporary-access-secret-keys"
AWS_REGION=us-west-2
DURATION=129600
CREDS=$(aws --profile $SOURCE_PROFILE sts get-session-token --serial-number $MFA_DEVICE_ARN --duration-seconds $DURATION --token-code $TOKEN_CODE)
SecretAccessKey=$(echo $CREDS | jq -r .Credentials.SecretAccessKey)
SessionToken=$(echo $CREDS | jq -r .Credentials.SessionToken)
AccessKeyId=$(echo $CREDS | jq -r .Credentials.AccessKeyId)
ValidTill=$(echo $CREDS | jq -r .Credentials.Expiration)
aws --profile $TARGET_PROFILE configure set aws_access_key_id $AccessKeyId
aws --profile $TARGET_PROFILE configure set aws_secret_access_key $SecretAccessKey
aws --profile $TARGET_PROFILE configure set aws_session_token $SessionToken
aws --profile $TARGET_PROFILE configure set region $AWS_REGION
echo "Enable profile with:"
echo ". set_default_aws_profile.sh $TARGET_PROFILE"
echo
echo "Credentials valid till: $ValidTill"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment