# Optional: export the MFA device ARN up front so the interactive prompt in
# aws_get_temporary_credentials is skipped.
# export AWS_SERIAL_NUMBER=<your-mfa-arn>

# Short environment name -> ARN of the IAM role to assume for it.
# The <account> / <assume-role-name> parts are placeholders to fill in.
declare -A iam_roles
iam_roles+=(
  [dev]="arn:aws:iam::<account>:role/<assume-role-name>"
  [qa]="arn:aws:iam::<account>:role/<assume-role-name>"
)
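#######################################
# Request MFA-backed session credentials from STS and print them as one line
# of space-separated NAME=value words.
# Globals:   AWS_SESSION_TOKEN, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
#            (unset in the shell this function runs in)
# Arguments: $1 - MFA device serial number / ARN
#            $2 - current MFA token code
# Outputs:   "AWS_SESSION_TOKEN=... AWS_ACCESS_KEY_ID=... AWS_SECRET_ACCESS_KEY=..."
#            on stdout. This line contains live credentials: capture it, never
#            log it.
# Returns:   the aws exit status if the STS call fails, otherwise jq's status
#######################################
function _aws_sts_get_session_token(){
  local response

  # Drop any temporary credentials already in the environment so this request
  # is not made with them.
  unset AWS_SESSION_TOKEN AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY

  # Deliberately no `set -x` around the call: xtrace would write the MFA serial
  # and the one-time token code to stderr (and into any log capturing it), and
  # the trailing `set +x` used to mask the aws exit status.
  response=$(aws sts get-session-token \
    --serial-number "$1" \
    --token-code "$2") || return

  # printf is a builtin, so the credential JSON never appears in a process
  # argument list on its way to jq.
  printf '%s\n' "$response" |
    jq -r '.Credentials| "AWS_SESSION_TOKEN="+.SessionToken+" AWS_ACCESS_KEY_ID="+.AccessKeyId+" AWS_SECRET_ACCESS_KEY="+.SecretAccessKey'
}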
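#######################################
# Assume an IAM role via STS, using whatever AWS credentials are currently in
# the environment, and print the role credentials as one line of
# space-separated NAME=value words.
# Globals:   USER (read, used to build the role session name)
# Arguments: $1 - accepted but not used by this function
#            $2 - accepted but not used by this function
#            $3 - ARN of the role to assume
# Outputs:   "AWS_SESSION_TOKEN=... AWS_ACCESS_KEY_ID=... AWS_SECRET_ACCESS_KEY=..."
#            on stdout. This line contains live credentials: capture it, never
#            log it.
# Returns:   the aws exit status if the STS call fails, otherwise jq's status
#######################################
function _aws_sts_assume_role(){
  local response

  # No `set -x` / `set +x` pair here: it changed the caller's tracing state
  # when the function was invoked directly and forced the return status to 0
  # even when the STS call failed.
  response=$(aws sts assume-role \
    --role-arn "$3" \
    --role-session-name "${USER}-devel") || return

  # printf is a builtin, so the credential JSON never appears in a process
  # argument list on its way to jq.
  printf '%s\n' "$response" |
    jq -r '.Credentials| "AWS_SESSION_TOKEN="+.SessionToken+" AWS_ACCESS_KEY_ID="+.AccessKeyId+" AWS_SECRET_ACCESS_KEY="+.SecretAccessKey'
}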
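#######################################
# Validate a "NAME=value NAME=value ..." credential line and export it.
# Only the three AWS credential variables, each with a non-empty value, are
# accepted, so unexpected helper output can never set an arbitrary variable,
# and an empty line can never degrade into a bare `export` (which prints every
# exported variable to the terminal).
# Arguments: $1 - the credential line
# Returns:   0 if exported, 1 if the line is empty or contains anything else
#######################################
function _aws_export_credential_line(){
  local rest=$1
  local pair
  local -a pairs=()

  # Split on single spaces with parameter expansion only: no globbing, no
  # dependence on the caller's IFS, no temp file holding the secrets.
  while [ -n "$rest" ]; do
    pair=${rest%% *}
    case "$rest" in
      *' '*) rest=${rest#* } ;;
      *) rest= ;;
    esac
    [ -n "$pair" ] || continue
    case "$pair" in
      AWS_SESSION_TOKEN=?*|AWS_ACCESS_KEY_ID=?*|AWS_SECRET_ACCESS_KEY=?*)
        pairs+=("$pair")
        ;;
      *)
        return 1
        ;;
    esac
  done

  [ "${#pairs[@]}" -gt 0 ] || return 1
  export "${pairs[@]}"
}

#######################################
# Prompt for an MFA token, obtain MFA-backed session credentials, then assume
# the role registered under the given key in iam_roles and export the
# resulting credentials into the current shell.
# (An earlier comment in this file referred to this as
# get_aws_assume_role_credentials().)
# Globals:   AWS_SERIAL_NUMBER (read; prompted for when empty)
#            iam_roles (read)
#            AWS_SESSION_TOKEN, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY (exported)
# Arguments: $1 - key into iam_roles
# Returns:   0 on success; 1 on a missing/unknown role key or when either STS
#            step yields no usable credentials
#######################################
function aws_get_temporary_credentials(){
  local serial=${AWS_SERIAL_NUMBER:-}
  # Locals, so the MFA code and role ARN do not linger in the interactive shell.
  local role_arn token_code creds

  if [ -z "${1:-}" ]; then
    printf '%s\n' 'usage: aws_get_temporary_credentials <role-key>' >&2
    return 1
  fi

  if [ -z "$serial" ]; then
    printf '%s' 'input aws mfa arn:'
    read -r -s serial
    echo
  fi

  role_arn=${iam_roles[$1]:-}
  if [ -z "$role_arn" ]; then
    # Fail before prompting rather than calling STS with an empty --role-arn.
    printf 'no role configured for key: %s\n' "$1" >&2
    return 1
  fi

  printf 'aws mfa arn: %s\n' "$serial"
  printf 'role arn: %s\n' "$role_arn"
  printf '%s' 'input mfa token:'
  read -r -s token_code
  echo

  # Step 1: MFA-backed session credentials. Capture first and check, instead of
  # `export $(...)`, so a failed call cannot blank or dump the environment.
  creds=$(_aws_sts_get_session_token "$serial" "$token_code") || creds=
  if ! _aws_export_credential_line "$creds"; then
    printf '%s\n' 'failed to obtain session credentials' >&2
    return 1
  fi

  # Step 2: assume the role using the session credentials exported above.
  creds=$(_aws_sts_assume_role "$serial" "$token_code" "$role_arn") || creds=
  if ! _aws_export_credential_line "$creds"; then
    printf '%s\n' 'failed to assume role' >&2
    return 1
  fi
}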