Skip to content

Instantly share code, notes, and snippets.

@hide32767

hide32767/awsu.bash

Last active August 16, 2019 08:29
Show Gist options
  • Save hide32767/fcdbe82bf5f5a1ce8ad5dcfe6ef21de7 to your computer and use it in GitHub Desktop.
Save hide32767/fcdbe82bf5f5a1ce8ad5dcfe6ef21de7 to your computer and use it in GitHub Desktop.
Download ZIP
set AWS Access Token Environments by sts:AssumeRole on AWS
Raw
awsu.bash
#!/bin/bash
# description:
# this is a printer to set environments for AWS Access Token gotten by sts:AssumeRole.
# cf. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
# the IAM Role MUST be configured to be able to assume it by your account.
# practical usage:
# $ eval $(awsu.bash <ROLE_ARN>)
TARGET_ROLE_ARN="$1"
function Aws::Sts::get_session_token () {
aws sts assume-role \
--role-arn "$1" \
--role-session-name "$(uuidgen)" \
--query 'Credentials'
}
unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
credential_json=$(mktemp)
Aws::Sts::get_session_token "${TARGET_ROLE_ARN}" \
>"${credential_json}"
echo "export AWS_ACCESS_KEY_ID=$(jq -r '.AccessKeyId' ${credential_json})"
echo "export AWS_SECRET_ACCESS_KEY=$(jq -r '.SecretAccessKey' ${credential_json})"
echo "export AWS_SESSION_TOKEN=$(jq -r '.SessionToken' ${credential_json})"
rm -f "${credential_json}"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment