author | Mike Crute <crutem@amazon.com> | 2019-06-12 13:23:46 -0700 |
---|---|---|
committer | Mike Crute <crutem@amazon.com> | 2019-06-12 13:23:46 -0700 |
commit | ad5ea4009449c61c7243706ad46284e1587eb2b3 (patch) | |
tree | 1dde992c1f989904aadc1c0d8f82fd2558531da1 /bin | |
parent | 4c2dce88797da7281dd1a3d5f40a4ddbaa19a6bd (diff) | |
Extract info from configs
Diffstat (limited to 'bin')
-rwxr-xr-x | bin/aws-assume-role.sh | 17 |
1 files changed, 11 insertions, 6 deletions
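--- a/bin/aws-assume-role.sh
+++ b/bin/aws-assume-role.sh
@@ -2,17 +2,22 @@
 
 set -eo pipefail
 
+# Try to discover it from the CLI config
 if [ -z "$1" ]; then
-echo "usage: $0 <role arn>" >&2
-exit 1
-fi
+# Check that the profile exists
+grep "profile $AWS_PROFILE" ~/.aws/config > /dev/null 2>&1
 
-ROLE="$1"
+ACCOUNT=$(grep -A3 "profile $AWS_PROFILE" ~/.aws/config | grep ^account | cut -d" " -f3)
+ROLE=$(grep -A3 "profile $AWS_PROFILE" ~/.aws/config | grep ^role | cut -d" " -f3)
+ROLE_ARN="arn:aws:iam::$ACCOUNT:role/$ROLE"
+else
+ROLE="$1"
+fi
 
 unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
 
-echo "Assuming '$ROLE' as '$USER' with profile '${AWS_PROFILE:-default}'..." >&2
-creds=( $(aws sts assume-role --role-arn $ROLE --role-session-name $USER --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' | tr -d ',') )
+echo "Assuming '$ROLE_ARN' as '$USER' with profile '${AWS_PROFILE:-default}'..." >&2
+creds=( $(aws sts assume-role --role-arn $ROLE_ARN --role-session-name $USER --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' | tr -d ',') )
 
 echo export AWS_ACCESS_KEY_ID="${creds[1]}"
 echo export AWS_SECRET_ACCESS_KEY="${creds[2]}"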
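Review bot: The `else` branch still assigns `ROLE="$1"`, but the `echo` and `aws sts assume-role` lines now read `$ROLE_ARN`, so an ARN passed on the command line is ignored and the call receives an empty `--role-arn` or whatever `ROLE_ARN` happens to be exported in the caller's environment; that branch should set `ROLE_ARN="$1"`. In the discovery branch, `grep "profile $AWS_PROFILE"` is an unanchored regex used for the existence check and for both the `ACCOUNT` and `ROLE` lookups, so an unset `AWS_PROFILE` matches every profile section and a profile name that is a prefix of another matches both, which can assemble an ARN for a role the user did not intend. Matching the section header literally, e.g. `grep -qF "[profile ${AWS_PROFILE:?AWS_PROFILE must be set}]" ~/.aws/config`, and using the same fixed string in the two `grep -A3` calls would close that gap. The existence check also exits silently under `set -e` because its output is discarded and the old usage message is gone, so a short error on stderr before exiting would help; the script continues past the end of this hunk.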