garyellis · October 1, 2019 01:16
diff --git a/aws-functions.sh b/aws-functions.sh
 # export AWS_SERIAL_NUMBER=<your-mfa-arn>

 declare -A iam_roles
 iam_roles[dev]="arn:aws:iam::<account>:role/<assume-role-name>"
 iam_roles[qa]="arn:aws:iam::<account>:role/<assume-role-name>"


 function _aws_sts_get_session_token(){
  unset AWS_SESSION_TOKEN AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
  set -x
  aws sts get-session-token \
      --serial-number $1 \
      --token-code ${2} |
    jq -r '.Credentials| "AWS_SESSION_TOKEN="+.SessionToken+" AWS_ACCESS_KEY_ID="+.AccessKeyId+" AWS_SECRET_ACCESS_KEY="+.SecretAccessKey'
  set +x
 }

 function _aws_sts_assume_role(){
  set -x
  aws sts assume-role \
      --role-arn ${3} \
      --role-session-name "${USER}-devel" |
    jq -r '.Credentials| "AWS_SESSION_TOKEN="+.SessionToken+" AWS_ACCESS_KEY_ID="+.AccessKeyId+" AWS_SECRET_ACCESS_KEY="+.SecretAccessKey'
  set +x
 }

 # get_aws_assume_role_credentials()
 function aws_get_temporary_credentials(){
  if [ -z "${AWS_SERIAL_NUMBER}" ]; then
    local AWS_SERIAL_NUMBER
    echo -n input aws mfa arn:
    read -s AWS_SERIAL_NUMBER
    echo
  fi
  role_arn=${iam_roles[$1]}
  echo aws mfa arn: $AWS_SERIAL_NUMBER
  echo role arn: $role_arn
  echo -n input mfa token:
  read -s TOKEN_CODE
  echo

  export $(_aws_sts_get_session_token $AWS_SERIAL_NUMBER $TOKEN_CODE)
  export $(_aws_sts_assume_role ${AWS_SERIAL_NUMBER} "$TOKEN_CODE" ${role_arn})
 }
	# export AWS_SERIAL_NUMBER=<your-mfa-arn>

	declare -A iam_roles
	iam_roles[dev]="arn:aws:iam::<account>:role/<assume-role-name>"
	iam_roles[qa]="arn:aws:iam::<account>:role/<assume-role-name>"


	function _aws_sts_get_session_token(){
	unset AWS_SESSION_TOKEN AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
	set -x
	aws sts get-session-token \
	--serial-number $1 \
	--token-code ${2} \|
	jq -r '.Credentials\| "AWS_SESSION_TOKEN="+.SessionToken+" AWS_ACCESS_KEY_ID="+.AccessKeyId+" AWS_SECRET_ACCESS_KEY="+.SecretAccessKey'
	set +x
	}

	function _aws_sts_assume_role(){
	set -x
	aws sts assume-role \
	--role-arn ${3} \
	--role-session-name "${USER}-devel" \|
	jq -r '.Credentials\| "AWS_SESSION_TOKEN="+.SessionToken+" AWS_ACCESS_KEY_ID="+.AccessKeyId+" AWS_SECRET_ACCESS_KEY="+.SecretAccessKey'
	set +x
	}

	# get_aws_assume_role_credentials()
	function aws_get_temporary_credentials(){
	if [ -z "${AWS_SERIAL_NUMBER}" ]; then
	local AWS_SERIAL_NUMBER
	echo -n input aws mfa arn:
	read -s AWS_SERIAL_NUMBER
	echo
	fi
	role_arn=${iam_roles[$1]}
	echo aws mfa arn: $AWS_SERIAL_NUMBER
	echo role arn: $role_arn
	echo -n input mfa token:
	read -s TOKEN_CODE
	echo

	export $(_aws_sts_get_session_token $AWS_SERIAL_NUMBER $TOKEN_CODE)
	export $(_aws_sts_assume_role ${AWS_SERIAL_NUMBER} "$TOKEN_CODE" ${role_arn})
	}