Commit 311567fa authored by nimrod's avatar nimrod

AWS assume-role script.

To run commands with a different IAM user/role. No other configuration
needed (unlike aws-vault, not to pick on them, it's actually quite
nice). Also, an AWS CLI alias.
parent 4d29fb45
......@@ -11,3 +11,4 @@ metadata-region = !python3 << EOF
EOF
du = s3 ls --recursive --human-readable --summarize
enable_ena = ec2 modify-instance-attribute --ena-support --instance-id
assume-role = !assume-role
#!/bin/sh
set -eu
# This script runs the AWS assume-role command, captures the output, sets the
# environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and
# AWS_SESSION_TOKEN) and executes the command given.
usage() {
echo "$(basename "$0"): [-h|--help] ROLE_ARN COMMAND [PARAMETER [PARAMETER ...]]"
}
command -v aws > /dev/null || { echo 'Cannot find the AWS CLI, exiting.' >&2; exit 1; }
if [ "$#" -lt 2 ]
then
usage
exit 1
fi
role_arn="$1"
shift
credentials="$(aws sts assume-role \
--output text \
--duration-seconds 3600 \
--role-arn "$role_arn" \
--role-session-name 'CircleCI_executor')"
AWS_ACCESS_KEY_ID="$(echo "$credentials" | awk 'NR == 2 {print $2}')"
AWS_SECRET_ACCESS_KEY="$(echo "$credentials" | awk 'NR == 2 {print $4}')"
AWS_SESSION_TOKEN="$(echo "$credentials" | awk 'NR == 2 {print $5}')"
export AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY
export AWS_SESSION_TOKEN
unset AWS_SECURITY_TOKEN
eval exec "$@"
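Review bot: The final line `eval exec "$@"` re-parses the caller's arguments as shell source, so a parameter containing spaces, `;` or `$(...)` is split or run as a separate command after the assumed role's credentials have been exported; `exec "$@"` passes the command and its arguments through intact. The usage text advertises `-h|--help`, but nothing in the script handles it, so with two or more arguments `-h` is sent to STS as the role ARN. Picking the keys out of the text output by row and column in awk depends on the CLI's text layout; adding `--query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]'` to the `aws sts assume-role` call would return only those three fields in a fixed order. The session name `'CircleCI_executor'` is hard-coded, so every caller shows up under the same name in the role's audit trail; a comment saying whether that is intended would help.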