Thursday, September 21, 2023
HomeSoftware EngineeringLearn how to AWS sts assume position in a single command

Learn how to AWS sts assume position in a single command


The difficulty – what it takes to imagine a task

To imagine an AWS position within the CLI, you’ll have to do one thing like this:

aws sts assume-role --role-arn arn:aws:iam::123456789123:position/myAwesomeRole --role-session-name check --region eu-central-1

This will provide you with the next output:

{
    "Credentials": {
        "AccessKeyId": "someAccessKeyId",
        "SecretAccessKey": "someSecretAccessKey",
        "SessionToken": "someSessionToken",
        "Expiration": "20203-01-02T06:52:13+00:00"
    },
    "AssumedRoleUser": {
        "AssumedRoleId": "idOfTheAssummedRole",
        "Arn": "theARNOfTheRoleIWantToAssume"
    }
}

However then you’ll have to manually copy and paste the values of AccessKeyId, SecretAccessKey and SessionToken in a bunch of exports like this:

export AWS_ACCESS_KEY_ID="someAccessKeyId"                                                                                      
export AWS_SECRET_ACCESS_KEY="someSecretAccessKey"
export AWS_SESSION_TOKEN="someSessionToken"

At this stage you possibly can assume the position….

The answer – velocity this up

You are able to do this with, or with out jq.

Clearly the less dependencies the higher, so we’ll do it:

  • With out jq
  • With out a number of exports
  • Through the use of printf built-ins

This additionally permits the good thing about no credential leakage by /proc..

export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" 
$(aws sts assume-role 
--role-arn arn:aws:iam::123456789012:position/MyAssumedRole 
--role-session-name MySessionName 
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" 
--output textual content))
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments