- package main
- import (
- "fmt"
- "log"
- "github.com/aws/aws-sdk-go/aws"
- "github.com/aws/aws-sdk-go/aws/credentials"
- "github.com/aws/aws-sdk-go/aws/credentials/stscreds"
- "github.com/aws/aws-sdk-go/aws/session"
- "github.com/aws/aws-sdk-go/service/sts"
- )
// SerialNumber is the ARN of the MFA device named in the GetSessionToken
// request. The value in this listing looks like a sample (AWS account IDs are
// 12 digits) and must be replaced with the caller's real device ARN.
const SerialNumber = "arn:aws:iam::1234:mfa/user-name"

// RoleARN is the ARN of the IAM role requested in the AssumeRole call. As
// with SerialNumber, the account ID shown here looks like a sample value.
const RoleARN = "arn:aws:iam::4321:role/Role"
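// main obtains MFA-backed temporary credentials and uses them to assume
// RoleARN, then prints the resulting role credentials.
//
// Flow: long-term keys from the environment call GetSessionToken together with
// an MFA code; the short-lived session credentials returned by that call are
// the only credentials handed to the AssumeRole client.
//
// NOTE(review): this chain only enforces MFA if the role's trust policy
// requires it (for example a condition on aws:MultiFactorAuthPresent). That
// policy is not visible from this file; confirm it on the role.
func main() {
	// session.New is deprecated; NewSession reports configuration errors here
	// instead of deferring them to the first API call.
	sess, err := session.NewSession()
	if err != nil {
		log.Fatal(err)
	}

	// Step 1: long-term credentials are read from the environment and used
	// for the MFA-authenticated GetSessionToken call.
	envClient := sts.New(sess, &aws.Config{Credentials: credentials.NewEnvCredentials()})
	sessionTokenCreds, err := getSessionToken(envClient)
	if err != nil {
		log.Fatal(err)
	}
	// Guard the pointer dereferences below: a nil Credentials value would
	// otherwise panic rather than fail with a readable message.
	if sessionTokenCreds == nil ||
		sessionTokenCreds.AccessKeyId == nil ||
		sessionTokenCreds.SecretAccessKey == nil ||
		sessionTokenCreds.SessionToken == nil {
		log.Fatal("sts: GetSessionToken returned incomplete credentials")
	}

	// Step 2: a second client pinned to the temporary session credentials, so
	// the long-term keys are not used for AssumeRole.
	mfaCreds := credentials.NewStaticCredentials(
		*sessionTokenCreds.AccessKeyId,
		*sessionTokenCreds.SecretAccessKey,
		*sessionTokenCreds.SessionToken,
	)
	roleCreds, err := assumeRole(sts.New(sess, &aws.Config{Credentials: mfaCreds}))
	if err != nil {
		log.Fatal(err)
	}

	// NOTE(review): this writes the role credentials to stdout. They are
	// bearer secrets for their whole lifetime, so anything that captures the
	// output (terminal scrollback, CI logs, shell redirection) holds usable
	// access to the role. Prefer handing them to the consumer directly, or
	// print only non-secret fields such as Expiration.
	fmt.Println(roleCreds)
}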
// getSessionToken exchanges the client's credentials plus an MFA code for
// temporary session credentials.
//
// The MFA code is read from standard input via stscreds.StdinTokenProvider and
// sent together with the device ARN in SerialNumber. The requested lifetime is
// 900 seconds (15 minutes), the shortest duration STS accepts for this call.
// Errors from reading the code or from STS are returned unchanged.
func getSessionToken(client *sts.STS) (*sts.Credentials, error) {
	mfaCode, err := stscreds.StdinTokenProvider()
	if err != nil {
		return nil, err
	}

	input := &sts.GetSessionTokenInput{
		SerialNumber:    aws.String(SerialNumber),
		TokenCode:       aws.String(mfaCode),
		DurationSeconds: aws.Int64(900),
	}

	out, err := client.GetSessionToken(input)
	if err != nil {
		return nil, err
	}
	return out.Credentials, nil
}
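// assumeRole requests temporary credentials for RoleARN using the credentials
// configured on client.
//
// The session is requested for 900 seconds under the session name "test".
// Any error from STS is returned unchanged.
func assumeRole(client *sts.STS) (*sts.Credentials, error) {
	resp, err := client.AssumeRole(&sts.AssumeRoleInput{
		// NOTE(review): the session name is recorded with the assumed-role
		// identity in audit logs; a fixed "test" makes callers
		// indistinguishable. Consider a name that identifies the operator.
		RoleSessionName: aws.String("test"),
		DurationSeconds: aws.Int64(900),
		// The constant is declared as RoleARN; the original referenced the
		// undefined identifier RoleArn, which does not compile.
		RoleArn: aws.String(RoleARN),
	})
	if err != nil {
		return nil, err
	}
	return resp.Credentials, nil
}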