Last active
April 18, 2016 17:32
-
-
Save seansummers/4d20fa54615fd0d51b0bf7218dbd91f5 to your computer and use it in GitHub Desktop.
AWS cli utility scripts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#! /bin/bash | |
# 1) rename or link the name of the role you want to assume to this file | |
# : ln -s <this script> account-superAdmin | |
# 2) make sure you have a matching profile in ~/.aws/config | |
# : [profile account-superAdmin] | |
# : source_profile = account | |
# : role_arn = arn:aws:iam::<account number>:role/superAdmin | |
# : mfa_serial = arn:aws:iam::<account number>:mfa/<iam user> | |
# 3) run this script with . (aka source) to export the variables | |
# : . ./<this script> | |
# or eval the output | |
# : eval $(./<this script>) | |
PROFILE="${0##*/}" | |
PROFILE_CMD="--profile ${PROFILE}" | |
USER_NAME=$(logname) | |
AWS_SHARED_CREDENTIAL_FILE="${AWS_SHARED_CREDENTIAL_FILE:-${HOME}/.aws/config}" | |
ROLE_ARN=$(sed -n "/${PROFILE}/"',/^$/!d;s/role_arn *= *\(.*\)/\1/p' "${AWS_SHARED_CREDENTIAL_FILE}") | |
## TODO | |
## REQUIRES: iam:ListRoles | |
# ROLE_ARN=$(aws ${PROFILE_CMD} iam list-roles --query "(Roles[?RoleName=='${PROFILE##*-}'].Arn)[0]") | |
## REQUIRES: iam:ListMFADevices | |
# MFA_ARN=$(aws ${PROFILE_CMD} iam list-mfa-devices --user-name "${USER_NAME}" --query "(MFADevices[].SerialNumber)[0]") | |
TICKET=$(aws ${PROFILE_CMD} sts assume-role --role-session-name "${USER_NAME}-${PROFILE}" \ | |
--role-arn "${ROLE_ARN}" \ | |
--query "Credentials.{AWS_ACCESS_KEY_ID:AccessKeyId,AWS_SECRET_ACCESS_KEY:SecretAccessKey,AWS_SESSION_TOKEN:SessionToken}") | |
TICKET="${TICKET//[ ,\"\}\{]}" | |
TICKET="${TICKET//:/=}" | |
AWS=$(for var in ${TICKET}; do echo "export ${var}"; done) | |
eval ${AWS} | |
echo ${AWS} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment