Last active
April 22, 2023 02:51
-
-
Save wirewc/557c5b3d87941b863ce0a8c4f65df85a to your computer and use it in GitHub Desktop.
AWS Profile Switcher with Google Auth Token
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/bash | |
export ENVIRONMENT_NAME="AWS" | |
export ENV="dev" # Example of an additional variable | |
export AWS_MFA_ARN=arn:aws:iam::12345678456:mfa/MySecurityToken # TODO: change value | |
export AWS_ACCESS_KEY_ID=My_Secret_Access_ID | |
export AWS_SECRET_ACCESS_KEY=My_Secret_Access_Key | |
# export AWS_ROLE_ARN=ROLE_I_WISH_TO_IMPERSONATE_HERE_WITH_TRUST_SHARE | |
# export AWS_ROLE_SESSION_NAME=NAME_I_WANT_TO_KNOW_NO_SPACES | |
export LOG_PATH=../../logs | |
deactivate () { | |
# This should detect bash and zsh, which have a hash command that must | |
# be called to get it to forget past commands. Without forgetting | |
# past commands the $PATH changes we made may not be respected | |
if [ -n "${BASH-}" ] || [ -n "${ZSH_VERSION-}" ] ; then | |
hash -r 2>/dev/null | |
fi | |
if ! [ -z "${_OLD_VIRTUAL_PS1+_}" ] ; then | |
PS1="$_OLD_VIRTUAL_PS1" | |
export PS1 | |
unset _OLD_VIRTUAL_PS1 | |
fi | |
if [ ! "${1-}" = "nondestructive" ] ; then | |
# Self destruct! | |
unset -f deactivate | |
unset AWS_ACCESS_KEY_ID | |
unset AWS_SECRET_ACCESS_KEY | |
unset ENV # Example of unsetting a custom variable | |
unset AWS_ROLE_ARN | |
unset AWS_ROLE_SESSION_NAME | |
unset AWS_SECURITY_TOKEN | |
unset AWS_SESSION_TOKEN | |
fi | |
} | |
impersonate () { | |
# Used to impersonate a user. | |
credentials=$(aws sts assume-role --role-arn $1 --role-session-name $2 --query 'Credentials.{AKI:AccessKeyId,SAK:SecretAccessKey,ST:SessionToken}' --output text) | |
export AWS_ACCESS_KEY_ID=$(echo $credentials | awk '{print $1}') | |
export AWS_SECRET_ACCESS_KEY=$(echo $credentials | awk '{print $2}') | |
export AWS_SECURITY_TOKEN=$(echo $credentials | awk '{print $3}') | |
} | |
tokenaws () { | |
# Used to pass a Google Auth soft token value | |
credentials=$(aws sts get-session-token --serial-number ${AWS_MFA_ARN} --token-code $1 --query 'Credentials.{AKI:AccessKeyId,SAK:SecretAccessKey,ST:SessionToken}' --output text) | |
export AWS_ACCESS_KEY_ID=$(echo $credentials | awk '{print $1}') | |
export AWS_SECRET_ACCESS_KEY=$(echo $credentials | awk '{print $2}') | |
export AWS_SESSION_TOKEN=$(echo $credentials | awk '{print $3}') | |
} | |
testawsid () { | |
# Debug with this: | |
aws sts get-caller-identity | |
} | |
# unset irrelevant variables | |
deactivate nondestructive | |
if [ -z "${AWS_DEPLOYER}" ] ; then | |
_OLD_VIRTUAL_PS1="$PS1" | |
if [ "x" != x ] ; then | |
PS1="$PS1" | |
else | |
PS1="(\e[1;32m${ENVIRONMENT_NAME}\e[0;37m) $PS1\n\e[1;34m>\e[1;32m$\e[0;37m " | |
# \e[1;XXm will change the color for the text after it. The bash colors are | |
# pretty standard. | |
# Recommend blue for dev, yellow for qa/staging, red for production. | |
# impersonate $AWS_ROLE_ARN $AWS_ROLE_SESSION_NAME | |
fi | |
export PS1 | |
fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment