Skip to content

Instantly share code, notes, and snippets.

@tomdavidson
Created June 17, 2016 19:40
Show Gist options
  • Save tomdavidson/3a83beae2d5e4c8ca6d09d6c99035446 to your computer and use it in GitHub Desktop.
Save tomdavidson/3a83beae2d5e4c8ca6d09d6c99035446 to your computer and use it in GitHub Desktop.
wrapper scirpt that assumes aws role
#! /usr/bin/env bash
# Wrapper scirpt that assumes aws role and then runs your script that needs the creds.
# Im not remembering where I got it, but it was at least inspired by another if not verbarium.
account_id=$1
role=$2
CMD="$@"
ACCOUNT_ID=11111111111
ASSUME_ROLE="arn:aws:iam::${ACCOUNT_ID}:role/ExternalAdminRole"
ROLE_SESSION_NAME="dev"
TMP_FILE=".temp_credentials"
aws sts assume-role --output json --role-arn ${ASSUME_ROLE} --role-session-name ${ROLE_SESSION_NAME} > ${TMP_FILE}
ACCESS_KEY=$(cat ${TMP_FILE} | jq -r ".Credentials.AccessKeyId")
SECRET_KEY=$(cat ${TMP_FILE} | jq -r ".Credentials.SecretAccessKey")
SESSION_TOKEN=$(cat ${TMP_FILE} | jq -r ".Credentials.SessionToken")
EXPIRATION=$(cat ${TMP_FILE} | jq -r ".Credentials.Expiration")
echo "Retrieved temp access key ${ACCESS_KEY} for role ${ASSUME_ROLE}. Key will expire at ${EXPIRATION}"
AWS_ACCESS_KEY_ID=${ACCESS_KEY} AWS_SECRET_ACCESS_KEY=${SECRET_KEY} AWS_SESSION_TOKEN=${SESSION_TOKEN} ${CMD}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment