rms1000watt · March 3, 2022 14:25
diff --git a/assumeRoleWithWebIdentity-in-eks-k8s-pod.js b/assumeRoleWithWebIdentity-in-eks-k8s-pod.js
 const AWS = require('aws-sdk');
 const fs = require('fs');
 const sts = new AWS.STS();

 sts.getCallerIdentity({}, console.log);

 const webIdentityToken = fs.readFileSync(process.env.AWS_WEB_IDENTITY_TOKEN_FILE, "utf8");
 const role = sts.assumeRoleWithWebIdentity({
  RoleArn: process.env.AWS_ROLE_ARN,
  RoleSessionName: "todo-put-something-dynamic-maybe",
  WebIdentityToken: webIdentityToken
 }, console.log);

 console.log(role.data.Credentials.AccessKeyId);
 console.log(role.data.Credentials.SecretAccessKey);
 console.log(role.data.Credentials.SessionToken);

 const stsNew = new AWS.STS({credentials: new AWS.Credentials(
  role.data.Credentials.AccessKeyId,
  role.data.Credentials.SecretAccessKey,
  role.data.Credentials.SessionToken
 )});
 stsNew.getCallerIdentity({}, console.log);
	const AWS = require('aws-sdk');
	const fs = require('fs');
	const sts = new AWS.STS();

	sts.getCallerIdentity({}, console.log);

	const webIdentityToken = fs.readFileSync(process.env.AWS_WEB_IDENTITY_TOKEN_FILE, "utf8");
	const role = sts.assumeRoleWithWebIdentity({
	RoleArn: process.env.AWS_ROLE_ARN,
	RoleSessionName: "todo-put-something-dynamic-maybe",
	WebIdentityToken: webIdentityToken
	}, console.log);

	console.log(role.data.Credentials.AccessKeyId);
	console.log(role.data.Credentials.SecretAccessKey);
	console.log(role.data.Credentials.SessionToken);

	const stsNew = new AWS.STS({credentials: new AWS.Credentials(
	role.data.Credentials.AccessKeyId,
	role.data.Credentials.SecretAccessKey,
	role.data.Credentials.SessionToken
	)});
	stsNew.getCallerIdentity({}, console.log);