Thursday, February 29, 2024

How to run AWS sts assume-role in a single command – without jq


The problem – what it takes to assume a role

To assume an AWS role in the CLI, you have to do something like this:

aws sts assume-role --role-arn arn:aws:iam::123456789123:role/myAwesomeRole --role-session-name test --region eu-central-1

This gives you the following output:

{
    "Credentials": {
        "AccessKeyId": "someAccessKeyId",
        "SecretAccessKey": "someSecretAccessKey",
        "SessionToken": "someSessionToken",
        "Expiration": "20203-01-02T06:52:13+00:00"
    },
    "AssumedRoleUser": {
        "AssumedRoleId": "idOfTheAssummedRole",
        "Arn": "theARNOfTheRoleIWantToAssume"
    }
}

But then you have to manually copy and paste the values of AccessKeyId, SecretAccessKey and SessionToken into a bunch of exports like this:

export AWS_ACCESS_KEY_ID="someAccessKeyId"
export AWS_SECRET_ACCESS_KEY="someSecretAccessKey"
export AWS_SESSION_TOKEN="someSessionToken"

At this point your shell is using the credentials of the assumed role.

The solution – how to speed this up

You can do this with or without jq.

Obviously, the fewer dependencies the better, so we are going to do it:

  • Without jq
  • Without multiple exports
  • By using the printf built-in

This also has the benefit of no credential leakage via /proc: printf is a shell built-in, so the credentials are never passed as arguments to an external process.

export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" \
$(aws sts assume-role \
--role-arn arn:aws:iam::123456789012:role/MyAssumedRole \
--role-session-name MySessionName \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text))
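
If `aws sts assume-role` fails, the one-liner above still runs `export` with three empty values and overwrites whatever credentials the shell already had. The function below is an added example, not part of the original article: it keeps the same no-jq, built-ins-only approach but exports only after the call succeeded and returned exactly three fields. The names `assume_role` and `drop_role` are made up for this example.

```shell
# Added example: assume_role and drop_role are names made up here.
# Same idea as the one-liner: no jq, and only shell built-ins touch the secrets.

assume_role() {
    # $1 = role ARN, $2 = role session name
    if [ "$#" -ne 2 ]; then
        echo "usage: assume_role ROLE_ARN SESSION_NAME" >&2
        return 2
    fi

    # Capture first, export later: a failed call must not overwrite the
    # credentials that are already in the environment.
    _ar_out=$(aws sts assume-role \
        --role-arn "$1" \
        --role-session-name "$2" \
        --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
        --output text) || {
        unset _ar_out
        echo "assume_role: aws sts assume-role failed" >&2
        return 1
    }

    # --output text prints the three values tab-separated on one line.
    # Unquoted expansion splits them into $1 $2 $3 (AWS credential values
    # contain no whitespace or glob characters); this replaces the
    # function's own arguments only.
    set -- $_ar_out
    unset _ar_out

    if [ "$#" -ne 3 ]; then
        echo "assume_role: expected 3 fields, got $#" >&2
        return 1
    fi

    export AWS_ACCESS_KEY_ID="$1" AWS_SECRET_ACCESS_KEY="$2" AWS_SESSION_TOKEN="$3"
}

# Remove the temporary credentials from the shell when the work is done.
drop_role() {
    unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
}
```

Exported variables are inherited by every process started from this shell, so run `drop_role` once the work under the assumed role is finished.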