gets iam security credentials from instance metadata and writes them to awscli environment variables and .s3cfg (for s3cmd)
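#!/bin/bash
# Fetches the IAM role credentials exposed by the EC2 instance metadata
# service (IMDS) and publishes them in three places:
#   - awscli environment variables (only visible to the caller when this
#     file is sourced rather than executed),
#   - ./.awscli  ([default] profile with aws_* keys),
#   - ./.s3cfg   (s3cmd configuration).
# The raw IMDS response is kept in ./security-credentials.json.
#
# Usage: ec2-get-security-credentials ROLENAME [DEFAULT_REGION]
#   ROLE=$1
#   DEFAULT_REGION=$2
#
# Security notes:
#   - All three output files contain live secrets. They are written to the
#     current directory, so run this from a directory that is not shared;
#     the files are forced to mode 600 before any secret is written.
#   - jq is taken from PATH when available. The download fallback fetches an
#     executable that is NOT integrity-checked here.
#     TODO(review): pin a checksum or install jq from the distro package.

ec2_get_security_credentials() {
  local role=$1 region=$2
  local imds='http://169.254.169.254/latest'
  local creds_file='security-credentials.json'
  local jq_bin imds_token creds_json access_key secret_key token
  local -a imds_auth=()

  if [ -z "$role" ]; then
    echo 'ERR: No role name specified' >&2
    return 1
  fi

  # The role name is spliced into the metadata URL. Restrict it to the
  # characters IAM allows in role names so it cannot carry '/' or '..'
  # and steer the request to a different metadata path.
  case $role in
    *[!A-Za-z0-9+=,.@_-]*)
      echo 'ERR: Role name contains characters not valid in an IAM role name' >&2
      return 1
      ;;
  esac

  # Get jq for JSON queries: reuse an installed copy, download only if absent.
  if ! jq_bin=$(command -v jq); then
    # HTTPS instead of the original plain-HTTP URL: the file is executed
    # right after download, so it must not be modifiable in transit.
    if ! curl -fsSL -o jq https://stedolan.github.io/jq/download/linux64/jq; then
      echo 'ERR: Could not download jq' >&2
      return 1
    fi
    chmod +x jq
    jq_bin=./jq
  fi

  # Prefer IMDSv2 (session token obtained via PUT). When no token can be
  # obtained, fall back to the unauthenticated IMDSv1 request.
  imds_token=$(curl -fsS --connect-timeout 2 -X PUT \
    -H 'X-aws-ec2-metadata-token-ttl-seconds: 60' \
    "$imds/api/token" 2>/dev/null)
  if [ -n "$imds_token" ]; then
    imds_auth=(-H "X-aws-ec2-metadata-token: $imds_token")
  fi

  # Get security credentials from instance metadata. -f turns an HTTP error
  # (unknown role, rejected request) into a failure instead of letting an
  # error page be parsed as credentials.
  if ! creds_json=$(curl -fsS --connect-timeout 2 "${imds_auth[@]}" \
    "$imds/meta-data/iam/security-credentials/$role/"); then
    echo "ERR: Could not read credentials for role '$role' from instance metadata" >&2
    return 1
  fi

  access_key=$("$jq_bin" -r '.AccessKeyId' <<<"$creds_json") || return 1
  secret_key=$("$jq_bin" -r '.SecretAccessKey' <<<"$creds_json") || return 1
  token=$("$jq_bin" -r '.Token' <<<"$creds_json") || return 1

  # jq -r prints the string "null" for a missing field; do not export that.
  local field
  for field in "$access_key" "$secret_key" "$token"; do
    if [ -z "$field" ] || [ "$field" = null ]; then
      echo 'ERR: Metadata response did not contain complete credentials' >&2
      return 1
    fi
  done

  export AWS_ACCESS_KEY_ID=$access_key
  export AWS_SECRET_ACCESS_KEY=$secret_key
  export AWS_SECURITY_TOKEN=$token
  # Current AWS tooling reads the session token from AWS_SESSION_TOKEN;
  # AWS_SECURITY_TOKEN is kept for compatibility with the original script.
  export AWS_SESSION_TOKEN=$token
  if [ -n "$region" ]; then
    export AWS_DEFAULT_REGION=$region
  fi

  # Write the secret-bearing files in a subshell so the tightened umask does
  # not leak into the caller's shell when this file is sourced.
  (
    umask 077
    # A file left over from an earlier run keeps its old mode on truncation,
    # so empty it and force 600 before any secret goes in.
    for f in "$creds_file" .awscli .s3cfg; do
      if ! { : > "$f" && chmod 600 "$f"; }; then
        exit 1
      fi
    done

    printf '%s\n' "$creds_json" > "$creds_file"

    # Write to .awscli
    {
      printf '%s\n' '[default]'
      printf 'aws_access_key_id=%s\n' "$access_key"
      printf 'aws_secret_access_key=%s\n' "$secret_key"
      printf 'aws_security_token=%s\n' "$token"
      if [ -n "$region" ]; then
        printf 'region=%s\n' "$region"
      fi
    } > .awscli

    # Write to .s3cfg
    {
      printf '%s\n' '[default]'
      printf 'access_key=%s\n' "$access_key"
      printf 'secret_key=%s\n' "$secret_key"
      printf 'access_token=%s\n' "$token"
    } > .s3cfg
  ) || {
    echo 'ERR: Could not write credential files' >&2
    return 1
  }
}

ec2_get_security_credentials "$@"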
Helpful script, thanks. A few minor comments:
which jq
) would be good to prevent re-download