
@seansummers
Last active April 18, 2016 17:32
AWS cli utility scripts
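#! /bin/bash
# Assume an IAM role through STS and export the temporary credentials.
# The profile name is taken from the name this file is run or sourced as.
#
# 1) rename or link the name of the role you want to assume to this file
# : ln -s <this script> account-superAdmin
# 2) make sure you have a matching profile in ~/.aws/config
# : [profile account-superAdmin]
# : source_profile = account
# : role_arn = arn:aws:iam::<account number>:role/superAdmin
# : mfa_serial = arn:aws:iam::<account number>:mfa/<iam user>
# 3) run this script with . (aka source) to export the variables
# : . ./<this script>
# or eval the output
# : eval "$(./<this script>)"
#
# In eval mode the export lines on stdout carry live session credentials;
# keep them out of logs, `set -x` traces and saved terminal output.
# When sourced, the variables are exported and nothing is printed.
# No `set -e` / `set -u` here: sourced, they would alter the caller's shell.

# When sourced, $0 is the calling shell (e.g. "bash"), not this file, so the
# profile name must come from BASH_SOURCE; $0 is only a fallback for shells
# that do not set it.
PROFILE="${BASH_SOURCE[0]:-$0}"
PROFILE="${PROFILE##*/}"

# logname can fail when there is no login terminal (cron, some containers);
# fall back to the effective user so the session name is never just "-<profile>".
USER_NAME=$(logname 2>/dev/null || id -un)

# Script-local override for the config path. The AWS CLI does not read this
# name itself; its own variable for the config file is AWS_CONFIG_FILE.
AWS_SHARED_CREDENTIAL_FILE="${AWS_SHARED_CREDENTIAL_FILE:-${HOME}/.aws/config}"

# Look up role_arn in exactly the [profile <name>] section. The profile name
# is passed as data (awk -v) and compared as a string, so a name containing
# regex characters, or one that is a substring of another profile, cannot
# select the wrong section. Only the first role_arn of the section is used.
ROLE_ARN=$(awk -v want="[profile ${PROFILE}]" '
  { line = $0; gsub(/^[ \t]+|[ \t\r]+$/, "", line) }
  line ~ /^\[/ { inside = (line == want); next }
  inside && line ~ /^role_arn[ \t]*=/ {
    sub(/^role_arn[ \t]*=[ \t]*/, "", line)
    print line
    exit
  }
' "${AWS_SHARED_CREDENTIAL_FILE}")

if [[ -z "${ROLE_ARN}" ]]; then
  printf '%s: no role_arn for [profile %s] in %s\n' \
    "${PROFILE}" "${PROFILE}" "${AWS_SHARED_CREDENTIAL_FILE}" >&2
  # `return` works when sourced; `exit` covers direct execution without
  # ever closing the caller's interactive shell.
  return 1 2>/dev/null || exit 1
fi

## TODO
## REQUIRES: iam:ListRoles
# ROLE_ARN=$(aws --profile "${PROFILE}" iam list-roles --query "(Roles[?RoleName=='${PROFILE##*-}'].Arn)[0]")
## REQUIRES: iam:ListMFADevices
# MFA_ARN=$(aws --profile "${PROFILE}" iam list-mfa-devices --user-name "${USER_NAME}" --query "(MFADevices[].SerialNumber)[0]")

# Request the three values as one tab-separated text line. --output is pinned
# so a different default output format in the profile cannot change what is
# parsed, and no JSON has to be picked apart with string substitution.
if ! creds=$(aws --profile "${PROFILE}" sts assume-role \
  --role-session-name "${USER_NAME}-${PROFILE}" \
  --role-arn "${ROLE_ARN}" \
  --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
  --output text); then
  unset creds
  printf '%s: sts assume-role failed for %s\n' "${PROFILE}" "${ROLE_ARN}" >&2
  return 1 2>/dev/null || exit 1
fi

# Split the fields with read instead of eval, so nothing returned by the
# service is ever executed as shell code. Process substitution feeds read
# through a pipe; a here-string may be backed by a temporary file.
IFS=$'\t' read -r AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN \
  < <(printf '%s\n' "${creds}")
# Do not leave a second, unexported copy of the secrets in the caller's shell.
unset creds

if [[ -z "${AWS_ACCESS_KEY_ID}" || -z "${AWS_SECRET_ACCESS_KEY}" \
  || -z "${AWS_SESSION_TOKEN}" ]]; then
  unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
  printf '%s: incomplete credentials returned by sts assume-role\n' \
    "${PROFILE}" >&2
  return 1 2>/dev/null || exit 1
fi

export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN

# Print export statements only when executed (the eval use case). When the
# file is sourced the exports above are enough, and echoing the secrets to
# the terminal would only put them into scrollback.
if [[ "${BASH_SOURCE[0]:-$0}" == "$0" ]]; then
  # %q shell-quotes each value, so the output is safe to eval as-is.
  printf 'export %s=%q\n' \
    AWS_ACCESS_KEY_ID "${AWS_ACCESS_KEY_ID}" \
    AWS_SECRET_ACCESS_KEY "${AWS_SECRET_ACCESS_KEY}" \
    AWS_SESSION_TOKEN "${AWS_SESSION_TOKEN}"
fi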