« Back to Index

AWS Assume Role

View original Gist on GitHub

aws-assume-role.sh

#! /bin/bash
#
# Dependencies:
#   brew install jq
#
# Example:
#   source aws-assume-role
#   alias aws-assume-role="source aws-assume-role"
#
# Notes:
#   Remove .sh file extension and move file to a location available to your $PATH
#   chmod +x <file>

unset AWS_SESSION_TOKEN
export AWS_ACCESS_KEY_ID=<your_user_access_key>
export AWS_SECRET_ACCESS_KEY=<your_user_secret_key>

aws_assume_account=${1:-755368653476}
aws_assume_role=${2:-Administrators}
aws_assume_session=${3:-temp}

# Note: ${var} instead of $var avoids bug with substitution deleting characters
echo "arn:aws:iam::${aws_assume_account}:role/${aws_assume_role}"

temp_role=$(aws sts assume-role \
                    --role-arn "arn:aws:iam::${aws_assume_account}:role/${aws_assume_role}" \
                    --role-session-name "${aws_assume_session}")

echo $aws_assume_account
echo $aws_assume_role
echo $aws_assume_session

# Note: xargs strips the containing quotes which is essential for the export to work
export AWS_ACCESS_KEY_ID=$(echo $temp_role | jq .Credentials.AccessKeyId | xargs)
export AWS_SECRET_ACCESS_KEY=$(echo $temp_role | jq .Credentials.SecretAccessKey | xargs)
export AWS_SESSION_TOKEN=$(echo $temp_role | jq .Credentials.SessionToken | xargs)

env | grep -i AWS_