@gene1wood
Last active May 17, 2022 16:40
Workaround AWS CLI lack of support for IAM assume-role
#!/bin/bash
# Source this file to use it, don't run it
#
# For example :
#
# . aws_assume_role.bash arn:aws:iam::345678901234:role/baz
# aws ec2 describe-instances
#
# or
#
# accounts="arn:aws:iam::123456789012:role/foo
# arn:aws:iam::234567890123:role/bar"
# for account in $accounts; do
# bash -c ". aws_assume_role.bash $account
# echo -n \"$account \"
# aws cloudtrail describe-trails --query 'trailList[0].TrailARN' --output text
# echo \"\"
# "
# done
role_arn="$1"
unset AWS_ACCESS_KEY_ID
unset AWS_SECRET_ACCESS_KEY
unset AWS_SESSION_TOKEN
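# Session name: EC2 instance ID plus today's date. This is a plain IMDSv1
# request, so the instance ID is empty on instances that enforce IMDSv2.
session_name="$(curl --silent http://169.254.169.254/latest/meta-data/instance-id)-$(date +%Y%m%d)"
# Request temporary credentials; text output yields three whitespace-separated fields
sts=( $(
    aws sts assume-role \
        --role-arn "$role_arn" \
        --role-session-name "$session_name" \
        --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
        --output text
) )
# Export only if all three values came back, so a failed call does not
# leave empty credential variables in the environment
if [ "${#sts[@]}" -ne 3 ]; then
    echo "assume-role failed for $role_arn" >&2
    return 1
fi
export AWS_ACCESS_KEY_ID="${sts[0]}"
export AWS_SECRET_ACCESS_KEY="${sts[1]}"
export AWS_SESSION_TOKEN="${sts[2]}"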

ghost commented Feb 26, 2017

--role-session-name is invalid argument in the latest aws cli
