diff options
| author | Mike Crute <crutem@amazon.com> | 2019-06-12 13:23:46 -0700 |
|---|---|---|
| committer | Mike Crute <crutem@amazon.com> | 2019-06-12 13:23:46 -0700 |
| commit | ad5ea4009449c61c7243706ad46284e1587eb2b3 (patch) | |
| tree | 1dde992c1f989904aadc1c0d8f82fd2558531da1 /bin | |
| parent | 4c2dce88797da7281dd1a3d5f40a4ddbaa19a6bd (diff) | |
| download | dotfiles-ad5ea4009449c61c7243706ad46284e1587eb2b3.tar.bz2 dotfiles-ad5ea4009449c61c7243706ad46284e1587eb2b3.tar.xz dotfiles-ad5ea4009449c61c7243706ad46284e1587eb2b3.zip | |
Extract info from configs
Diffstat (limited to 'bin')
| -rwxr-xr-x | bin/aws-assume-role.sh | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/bin/aws-assume-role.sh b/bin/aws-assume-role.sh index 810291b..bef5a29 100755 --- a/bin/aws-assume-role.sh +++ b/bin/aws-assume-role.sh | |||
| @@ -2,17 +2,22 @@ | |||
| 2 | 2 | ||
| 3 | set -eo pipefail | 3 | set -eo pipefail |
| 4 | 4 | ||
| 5 | # Try to discover it from the CLI config | ||
| 5 | if [ -z "$1" ]; then | 6 | if [ -z "$1" ]; then |
| 6 | echo "usage: $0 <role arn>" >&2 | 7 | # Check that the profile exists |
| 7 | exit 1 | 8 | grep "profile $AWS_PROFILE" ~/.aws/config > /dev/null 2>&1 |
| 8 | fi | ||
| 9 | 9 | ||
| 10 | ROLE="$1" | 10 | ACCOUNT=$(grep -A3 "profile $AWS_PROFILE" ~/.aws/config | grep ^account | cut -d" " -f3) |
| 11 | ROLE=$(grep -A3 "profile $AWS_PROFILE" ~/.aws/config | grep ^role | cut -d" " -f3) | ||
| 12 | ROLE_ARN="arn:aws:iam::$ACCOUNT:role/$ROLE" | ||
| 13 | else | ||
| 14 | ROLE="$1" | ||
| 15 | fi | ||
| 11 | 16 | ||
| 12 | unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN | 17 | unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN |
| 13 | 18 | ||
| 14 | echo "Assuming '$ROLE' as '$USER' with profile '${AWS_PROFILE:-default}'..." >&2 | 19 | echo "Assuming '$ROLE_ARN' as '$USER' with profile '${AWS_PROFILE:-default}'..." >&2 |
| 15 | creds=( $(aws sts assume-role --role-arn $ROLE --role-session-name $USER --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' | tr -d ',') ) | 20 | creds=( $(aws sts assume-role --role-arn $ROLE_ARN --role-session-name $USER --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' | tr -d ',') ) |
| 16 | 21 | ||
| 17 | echo export AWS_ACCESS_KEY_ID="${creds[1]}" | 22 | echo export AWS_ACCESS_KEY_ID="${creds[1]}" |
| 18 | echo export AWS_SECRET_ACCESS_KEY="${creds[2]}" | 23 | echo export AWS_SECRET_ACCESS_KEY="${creds[2]}" |