Created
September 19, 2020 03:12
-
-
Save samloh84/9b44dbf25db61ec192261c29e02eb43a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
AWS_PROFILE="${AWS_PROFILE:-}" | |
AWSRC_CACHE_DIR="~/.aws/.awsrc" | |
AWS_PROFILE_CACHE_JSON="${AWSRC_CACHE_DIR}/${AWS_PROFILE}.json" | |
function get-session-token() { | |
AWS_MFA_SERIAL=$(aws --profile ${AWS_PROFILE} configure get mfa_serial) | |
if [[ ! -f "${AWS_PROFILE_CACHE_JSON}" ]] || jq -e '.Credentials.Expiration|strptime("%Y-%m-%dT%H:%M:%S+00:00")|mktime <= now' "${AWS_PROFILE_CACHE_JSON}" > /dev/null 2>&1 ; then | |
local TOKEN_CODE | |
read -p 'MFA: ' -r TOKEN_CODE | |
mkdir -p "${AWSRC_CACHE_DIR}" | |
AWS_GET_SESSION_TOKEN_RESULT=$(aws --profile "${AWS_PROFILE}" sts get-session-token --duration-seconds 3600 --serial-number "${AWS_MFA_SERIAL}" --token-code "${TOKEN_CODE}" | tee "${AWS_PROFILE_CACHE_JSON}") | |
else | |
AWS_GET_SESSION_TOKEN_RESULT=$(cat "${AWS_PROFILE_CACHE_JSON}") | |
fi | |
AWS_ACCESS_KEY_ID=$(echo "${AWS_GET_SESSION_TOKEN_RESULT}" | jq -r .Credentials.AccessKeyId) | |
AWS_SECRET_ACCESS_KEY=$(echo "${AWS_GET_SESSION_TOKEN_RESULT}" | jq -r .Credentials.SecretAccessKey) | |
AWS_SESSION_TOKEN=$(echo "${AWS_GET_SESSION_TOKEN_RESULT}" | jq -r .Credentials.SessionToken) | |
echo "AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}" | |
echo "AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}" | |
echo "AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}" | |
} | |
function assume-role() { | |
AWS_ROLE_ARN=$(aws --profile ${AWS_PROFILE} configure get role_arn) | |
AWS_ROLE_SESSION_NAME=$(aws --profile ${AWS_PROFILE} configure get role_session_name) | |
AWS_MFA_SERIAL=$(aws --profile ${AWS_PROFILE} configure get mfa_serial) | |
AWS_ASSUME_ROLE_RESULT=$(aws --profile "${AWS_PROFILE}" sts assume-role --role-arn ${AWS_ROLE_ARN} --role-session-name ${AWS_ROLE_SESSION_NAME} --duration-seconds 3600) | |
AWS_ACCESS_KEY_ID=$(echo "${AWS_ASSUME_ROLE_RESULT}" | jq -r .Credentials.AccessKeyId) | |
AWS_SECRET_ACCESS_KEY=$(echo "${AWS_ASSUME_ROLE_RESULT}" | jq -r .Credentials.SecretAccessKey) | |
AWS_SESSION_TOKEN=$(echo "${AWS_ASSUME_ROLE_RESULT}" | jq -r .Credentials.SessionToken) | |
echo "AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}" | |
echo "AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}" | |
echo "AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}" | |
} | |
if aws --profile ${AWS_PROFILE} configure get source_profile; then | |
assume-role | |
else | |
get-session-token | |
fi | |
export AWS_PROFILE | |
export AWS_ACCESS_KEY_ID | |
export AWS_SECRET_ACCESS_KEY | |
export AWS_SESSION_TOKEN |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment