@wvanderdeijl
Created March 30, 2021 14:42
Temporary AWS credentials from AWS Cognito Identity Pool (using Cognito User Pool)
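#!/usr/bin/env bash
# Obtain temporary AWS credentials for a Cognito User Pool user through a
# Cognito Identity Pool and print them on stdout as AWS_* assignments.
#
# Flow: initiate-auth (user pool, USER_PASSWORD_AUTH) -> get-id (identity
# pool) -> get-credentials-for-identity -> sts get-caller-identity as a check.
# Requires the aws CLI and jq. Replace the placeholder values below.
# stdout carries a live secret access key and session token; redirect it
# only somewhere you would trust with credentials (not a shared log).
set -euo pipefail

# Cognito User Pool user. The password is kept in COGNITO_PASSWORD rather
# than PWD (assigning PWD clobbers the shell's working-directory variable)
# and is not exported, so the aws/jq child processes do not inherit it.
export USR=xxxxxxxx
COGNITO_PASSWORD=xxxxxxxx
export COGNITO_CLIENT_ID=40qxxxxxxxxxxxxxxxxxxxxn40
# 12 digit numeric AWS account id
export AWS_ACCOUNT_ID=765000000630
export AWS_REGION=eu-central-1
export IDENTITY_POOL_GUID=e14xxxxx-xxxx-xxxx-xxxx-xxxxxxxxxd89
export USER_POOL_ID=eu-central-1_oYTxxxxov

# Print a message to stderr and abort.
die() { printf 'error: %s\n' "$*" >&2; exit 1; }

#######################################
# Extract one field from JSON on stdin.
# Arguments: $1 - jq filter (e.g. '.IdentityId')
# Outputs:   the field value on stdout
# Returns:   1 when jq fails or the field is missing (jq prints "null"),
#            so a bad response is not silently fed into the next call
#######################################
json_field() {
  local value
  value=$(jq -r "$1") || return 1
  [[ -n "$value" && "$value" != "null" ]] || return 1
  printf '%s\n' "$value"
}

command -v aws >/dev/null || die "aws CLI not found"
command -v jq >/dev/null || die "jq not found"

# Login provider key used by both identity-pool calls.
readonly LOGIN_PROVIDER="cognito-idp.${AWS_REGION}.amazonaws.com/${USER_POOL_ID}"

# Sign in with username/password. NOTE: --auth-parameters puts the password
# on the aws process's command line, where other users of the host can read
# it from the process list for the duration of the call; fine on a personal
# workstation, not on a shared host.
IDTOKEN=$(aws cognito-idp initiate-auth --region "$AWS_REGION" \
  --auth-flow USER_PASSWORD_AUTH \
  --auth-parameters "USERNAME=${USR},PASSWORD=${COGNITO_PASSWORD}" \
  --client-id "$COGNITO_CLIENT_ID" \
  | json_field '.AuthenticationResult.IdToken') \
  || die "initiate-auth returned no IdToken (wrong credentials, or an auth challenge is pending)"
export IDTOKEN

# Resolve "my" identity id in the identity pool.
IDENTITY_ID=$(aws cognito-identity get-id \
  --account-id "$AWS_ACCOUNT_ID" \
  --region "$AWS_REGION" \
  --identity-pool-id "${AWS_REGION}:${IDENTITY_POOL_GUID}" \
  --logins "${LOGIN_PROVIDER}=${IDTOKEN}" \
  | json_field '.IdentityId') \
  || die "get-id returned no IdentityId"
export IDENTITY_ID

# Exchange identity id + token for temporary credentials (a JSON object).
AWS_TEMP_CREDS=$(aws cognito-identity get-credentials-for-identity \
  --identity-id "$IDENTITY_ID" \
  --region "$AWS_REGION" \
  --logins "${LOGIN_PROVIDER}=${IDTOKEN}" \
  | json_field '.Credentials') \
  || die "get-credentials-for-identity returned no Credentials"
export AWS_TEMP_CREDS

# Pull the three values out once instead of re-running jq per use.
access_key_id=$(json_field '.AccessKeyId' <<<"$AWS_TEMP_CREDS") \
  || die "Credentials has no AccessKeyId"
secret_key=$(json_field '.SecretKey' <<<"$AWS_TEMP_CREDS") \
  || die "Credentials has no SecretKey"
session_token=$(json_field '.SessionToken' <<<"$AWS_TEMP_CREDS") \
  || die "Credentials has no SessionToken"

# Emit the credentials as assignments (copy/paste or eval by the caller).
printf 'AWS_ACCESS_KEY_ID=%s\n' "$access_key_id"
printf 'AWS_SECRET_ACCESS_KEY=%s\n' "$secret_key"
printf 'AWS_SESSION_TOKEN=%s\n' "$session_token"

# Check that the temporary credentials work. The STS response goes to
# stderr so stdout stays a clean list of assignments.
AWS_ACCESS_KEY_ID="$access_key_id" \
AWS_SECRET_ACCESS_KEY="$secret_key" \
AWS_SESSION_TOKEN="$session_token" \
  aws sts get-caller-identity >&2 \
  || die "temporary credentials were rejected by STS"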