@wakusei-meron-
Last active July 22, 2022 07:09
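#!/usr/bin/env bash
# Obtain temporary MFA-backed STS credentials and store them in a separate AWS CLI profile.
# Usage: [PROFILE=default] [OUTPUT_PROFILE=mfa] <this script> <MFA token code>
SCRIPT_DIR=$(cd "$(dirname "$0")"; pwd)
# -e: exit immediately if any command fails
# pipefail: a failing aws call inside a pipeline is not masked by jq succeeding
set -eo pipefail
# Fail early with a usage message when the MFA token code is missing
: "${1:?usage: $0 <mfa-token-code>}"
PROFILE=${PROFILE:-default}
echo "クレデンシャル発行に用いるprofile: $PROFILE"
OUTPUT_PROFILE=${OUTPUT_PROFILE:-mfa}
echo "一時的な権限を付与するprofile: $OUTPUT_PROFILE"
echo "権限を取得しています..."
USER_ARN=$(aws sts get-caller-identity --profile "${PROFILE}" | jq -r .Arn)
# Derive the MFA device ARN from the user ARN (assumes the MFA device is named after the user).
# Replace only the ":user/" resource type so a user name containing "user" is left intact.
MFA_ARN=${USER_ARN/:user\//:mfa/}
# 129600 seconds = 36 hours
CRED=$(aws sts get-session-token --profile "${PROFILE}" --serial-number "${MFA_ARN}" --token-code "$1" --duration-seconds 129600)
ACCESS_KEY=$(echo "${CRED}" | jq -r .Credentials.AccessKeyId)
SECRET_KEY=$(echo "${CRED}" | jq -r .Credentials.SecretAccessKey)
SESSION_TOKEN=$(echo "${CRED}" | jq -r .Credentials.SessionToken)
# The temporary credentials are written in plaintext to the AWS CLI credentials file
aws configure set "profile.${OUTPUT_PROFILE}.aws_access_key_id" "${ACCESS_KEY}"
aws configure set "profile.${OUTPUT_PROFILE}.aws_secret_access_key" "${SECRET_KEY}"
aws configure set "profile.${OUTPUT_PROFILE}.aws_session_token" "${SESSION_TOKEN}"
echo "${OUTPUT_PROFILE}に一時的な権限を付与が完了しました"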