gene1wood revised this gist
Apr 29, 2016 . 1 changed file with 38 additions and 17 deletions.
@@ -1,21 +1,35 @@ #!/bin/bash usage () { cat <<DOCUMENTATIONXX Usage : . $0 ROLE_ARN [PARENT_PROFILE_NAME] ^--- Note that this script must be sourced not executed This tool will generate temporary credentials for an assumed role, save those ephemeral credentials in the awscli config and set the alias of "aaws" to use this new ephemeral awscli profile Examples . $0 arn:aws:iam::123456789012:role/ExampleRole aaws ec2 describe-instances or . $0 arn:aws:iam::234567890123:role/ExampleRole staging aaws --region us-west-2 ec2 describe-instances DOCUMENTATIONXX } if [ "$1" == "-h" -o "$1" == "--help" -o "$1" == "" ]; then usage exit 1 fi if [ "${BASH_SOURCE[0]}" == "${0}" ]; then echo "You must source this script instead of running it. Try this instead : " echo ". $0 $*" echo "" usage exit 1 fi @@ -32,15 +46,22 @@ if [ -n "$parent_profile" ]; then fi sts=( $( aws sts assume-role \ ${profile_argument} \ --role-arn "$role_arn" \ --role-session-name "$session_name" \ --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \ --output text ) ) aws configure set aws_access_key_id ${sts[0]} --profile ${profile_name} aws configure set aws_secret_access_key ${sts[1]} --profile ${profile_name} aws configure set aws_session_token ${sts[2]} --profile ${profile_name} alias aaws="aws --profile ${profile_name}" alias aaws-${account_id}="aws --profile ${profile_name}" if [[ $PS1 =~ \(AWS:[0-9]*\)[[:space:]](.*) ]]; then PS1="(AWS:$account_id) ${BASH_REMATCH[1]}" else PS1="(AWS:$account_id) $PS1" fi
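Review bot: Nothing in the second hunk checks that `aws sts assume-role` returned credentials before the three `aws configure set` calls, the `aaws` aliases and the `(AWS:$account_id)` prompt are applied, so after a denied or failed call the shell still advertises the target account while the new profile presumably holds no usable keys. A guard directly after the `sts=( … )` assignment would stop that: `[ "${#sts[@]}" -eq 3 ] || { echo "assume-role failed" >&2; return 1; }`. It has to be `return`, not `exit`, because the file is sourced; the `exit 1` in the `-h`/empty-argument branch of the first hunk appears to close the caller's shell for the same reason. The same unchecked `sts` array is present in the Mar 19 (33 additions) and Mar 18 revisions further down this page. The lines between the two hunks, where `role_arn` and `profile_name` are set, are not shown here.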
gene1wood revised this gist
Mar 19, 2016 . 1 changed file with 1 addition and 1 deletion.
@@ -11,7 +11,7 @@ # aaws ec2 describe-instances # or # . $0 arn:aws:iam::234567890123:role/ExampleRole staging # aaws --region us-west-2 ec2 describe-instances if [ "${BASH_SOURCE[0]}" == "${0}" ]; then echo "You must source this script instead of running it. Try this instead : "
gene1wood revised this gist
Mar 19, 2016 . 1 changed file with 1 addition and 1 deletion.
@@ -3,7 +3,7 @@ # Usage : . $0 ROLE_ARN [PARENT_PROFILE_NAME] # # This tool will generate temporary credentials for an assumed role, save # those ephemeral credentials in the awscli config and set the alias of # "aaws" to use this new ephemeral awscli profile # # Examples
gene1wood renamed this gist
Mar 19, 2016 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes.
gene1wood revised this gist
Mar 19, 2016 . 1 changed file with 33 additions and 23 deletions.
@@ -1,36 +1,46 @@ #!/bin/bash # Usage : . $0 ROLE_ARN [PARENT_PROFILE_NAME] # # This tool will generate temporary credentials for an assumed role, save # those epheral credentials in the awscli config and set the alias of # "aaws" to use this new ephemeral awscli profile # # Examples # . $0 arn:aws:iam::123456789012:role/ExampleRole # aaws ec2 describe-instances # or # . $0 arn:aws:iam::234567890123:role/ExampleRole staging # aaws ec2 describe-instances if [ "${BASH_SOURCE[0]}" == "${0}" ]; then echo "You must source this script instead of running it. Try this instead : " echo ". $0 $*" exit 1 fi role_arn=$1 parent_profile=$2 arn_array=(${role_arn//:/ }) account_id=${arn_array[3]} profile_path=${arn_array[4]} profile_name="ephemeral-${account_id}-${profile_path}-`date +%Y%m%d%H%M%S`" session_name="${USER}-`hostname`-`date +%Y%m%d`" if [ -n "$parent_profile" ]; then profile_argument="--profile $parent_profile" fi sts=( $( aws sts assume-role \ $profile_argument \ --role-arn "$role_arn" \ --role-session-name "$session_name" \ --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \ --output text ) ) aws configure set aws_access_key_id ${sts[0]} --profile $profile_name aws configure set aws_secret_access_key ${sts[1]} --profile $profile_name aws configure set aws_session_token ${sts[2]} --profile $profile_name alias aaws="aws --profile $profile_name"
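Review bot: The secret key and session token are handed to `aws configure set` as command-line arguments and stored on disk under a new timestamped `ephemeral-…` profile on every run, and nothing in this revision removes older profiles. While each call runs the values can typically be read from the process list by other local users, and the stored entries outlive the shell that created them, whereas the Mar 18 revision on this page kept them in exported variables only. At minimum I would document this next to the three calls, e.g. `# writes short-lived keys to the awscli files; old ephemeral-* profiles are never pruned`. The expansions there should also be quoted, as in `"${sts[1]}"` and `--profile "$profile_name"`, so an unexpected value cannot split into extra arguments.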
gene1wood created this gist
Mar 18, 2016
@@ -0,0 +1,36 @@ #!/bin/bash # Source this file to use it, don't run it # # For example : # # . aws_assume_role.bash arn:aws:iam::345678901234:role/baz # aws ec2 describe-instances # # or # # accounts="arn:aws:iam::123456789012:role/foo # arn:aws:iam::234567890123:role/bar" # for account in $accounts; do # bash -c ". aws_assume_role.bash $account # echo -n \"$account \" # aws cloudtrail describe-trails --query 'trailList[0].TrailARN' --output text # echo \"\" # " # done role_arn="$1" unset AWS_ACCESS_KEY_ID unset AWS_SECRET_ACCESS_KEY unset AWS_SESSION_TOKEN session_name="`curl --silent http://169.254.169.254/latest/meta-data/instance-id`-`date +%Y%m%d`" sts=( $( aws sts assume-role \ --role-arn "$role_arn" \ --role-session-name "$session_name" \ --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \ --output text ) ) export AWS_ACCESS_KEY_ID="${sts[0]}" export AWS_SECRET_ACCESS_KEY="${sts[1]}" export AWS_SESSION_TOKEN="${sts[2]}"
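Review bot: The metadata lookup that builds `session_name` has no timeout and no failure check, so off EC2 the `curl` call can hang, and on an instance that requires session tokens for metadata requests it presumably returns an error instead of an instance id. The session name is what identifies the caller in the audit trail for the assumed role, so an empty or malformed value weakens attribution even when the call goes through. I would split the lookup out and fail closed: `instance_id=$(curl --silent --fail --max-time 2 http://169.254.169.254/latest/meta-data/instance-id) || return 1`, then `session_name="${instance_id}-$(date +%Y%m%d)"`. `return` rather than `exit` is used because the header comment says the file is sourced.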