Created
January 14, 2021 18:45
-
-
Save tsibley/ee815470daec1997a8c907d6b4706ec8 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # usage: aws-assume-role-from-env [<command> [<args> …]] | |
| # | |
| # Authenticates with AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, assumes the | |
| # role in AWS_ROLE, and modifies the environment to set AWS_ACCESS_KEY_ID, | |
| # AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN. If <command> is specified, it | |
| # is exec-ed with the given <args>. Otherwise, /usr/bin/env is executed. | |
| # | |
| # Set AWS_ROLE_SESSION_NAME to use a value other than the default | |
| # (aws-assume-role-from-env@$time). | |
| # | |
| set -euo pipefail | |
| : "${AWS_ROLE_SESSION_NAME:=$(basename "$0")@$(date +%s)}" | |
| read -r AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN < <( | |
| aws sts assume-role \ | |
| --role-arn "$AWS_ROLE" \ | |
| --role-session-name "$AWS_ROLE_SESSION_NAME" \ | |
| --query "Credentials.[AccessKeyId, SecretAccessKey, SessionToken]" \ | |
| --output text | |
| ) | |
| export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN | |
| if [[ $# -eq 0 ]]; then | |
| exec /usr/bin/env | |
| else | |
| exec "$@" | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment