@keymon
Last active January 5, 2017 16:48
Get temporary credentials from AWS using an MFA token, optionally assuming a role: run `./create-token-role.sh elasticache-broker-spike-role` to assume a role, or `./create-token-role.sh me 900` to create a new session token for your own user (the second argument is the duration in seconds).
#!/bin/bash
# Exit on the first failing command, including a failing `aws` call in a pipeline,
# so that an error never turns into an empty set of export statements.
set -euo pipefail

SCRIPT_NAME="$0"

usage() {
    cat <<EOF
Creates a set of tokens assuming the given role. Use "me" as role to simply generate a new session token for your user.
Usage:
    $SCRIPT_NAME <role name> [duration in seconds]
EOF
    exit 1
}

role_name="${1:-}"
duration="${2:-3600}"

if [ -z "${role_name}" ]; then
    usage
fi

read -r -p "Token code: " token

# Derive the caller's ARN once; the MFA serial and the role ARN are built from it.
user_arn=$(aws sts get-caller-identity --query Arn --output text)
arn_prefix=${user_arn%:*}           # arn:aws:iam::<account id>
token_arn=${user_arn/:user/:mfa}    # virtual MFA device named after the user

# STS prints the three credential fields tab-separated on one line; awk turns
# them into export statements that can be eval'ed or pasted into a shell.
to_exports='{ print "export AWS_ACCESS_KEY_ID=\"" $1 "\"\n" "export AWS_SECRET_ACCESS_KEY=\"" $2 "\"\n" "export AWS_SESSION_TOKEN=\"" $3 "\"" }'

if [ "${role_name}" == "me" ]; then
    echo "Creating a new session token for ${user_arn}..." >&2
    aws sts get-session-token \
        --serial-number "${token_arn}" \
        --duration-seconds "${duration}" \
        --output text \
        --query '[Credentials.AccessKeyId,Credentials.SecretAccessKey,Credentials.SessionToken]' \
        --token-code "${token}" | \
        awk "${to_exports}"
else
    echo "Creating new session token for role ${role_name}..." >&2
    aws sts assume-role \
        --role-arn "${arn_prefix}:role/${role_name}" \
        --role-session-name "${role_name}_mfa_command_line" \
        --serial-number "${token_arn}" \
        --duration-seconds "${duration}" \
        --output text \
        --query '[Credentials.AccessKeyId,Credentials.SecretAccessKey,Credentials.SessionToken]' \
        --token-code "${token}" | \
        awk "${to_exports}"
fi
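The gist derives the MFA serial and the role ARN by string substitution on the caller's ARN, which only works when the caller is a plain IAM user without a path: for an assumed-role identity (`arn:aws:sts::<account>:assumed-role/...`) the `:user` to `:mfa` replacement is a no-op and the role ARN is built under the `sts` service. The following is an added example, not the gist's own code, that derives both values from the account id and validates the token code and duration before anything reaches STS. All ARNs, keys and tokens in it are constructed samples, and it assumes, as the gist does, that the caller's virtual MFA device is named after the IAM user.

```bash
#!/bin/bash
# Added example (not the gist's code): input validation and ARN derivation for
# an MFA/assume-role credential script. Every ARN below is a constructed sample.
set -eu

# Account id (12 digits) from an IAM or STS ARN, e.g.
# arn:aws:iam::123456789012:user/alice -> 123456789012
account_id_from_arn() {
  rest="${1#arn:*:*::}"                 # strip "arn:<partition>:<service>::"
  acct="${rest%%:*}"
  case "$acct" in *[!0-9]*|'') return 1 ;; esac
  [ "${#acct}" -eq 12 ] || return 1
  printf '%s\n' "$acct"
}

# Resource part after the account id: "user/alice", "assumed-role/Admin/s1", ...
resource_from_arn() {
  rest="${1#arn:*:*::}"
  printf '%s\n' "${rest#*:}"
}

# MFA serial for an IAM user ARN (path dropped, device assumed to be named after
# the user). Fails for root or assumed-role identities, which have no such device.
mfa_serial_for() {
  acct=$(account_id_from_arn "$1") || return 1
  res=$(resource_from_arn "$1")
  case "$res" in user/*) ;; *) return 1 ;; esac
  printf 'arn:aws:iam::%s:mfa/%s\n' "$acct" "${res##*/}"
}

# Role ARN in the caller's account, always under the iam service.
role_arn_for() {
  acct=$(account_id_from_arn "$1") || return 1
  printf 'arn:aws:iam::%s:role/%s\n' "$acct" "$2"
}

# TOTP codes from virtual MFA devices are exactly six digits.
valid_token_code() {
  case "$1" in *[!0-9]*|'') return 1 ;; esac
  [ "${#1}" -eq 6 ]
}

# Bounds STS enforces: 900-129600 s for GetSessionToken, 900-43200 s for
# AssumeRole (further capped by the role's MaxSessionDuration).
valid_duration() {
  case "$2" in *[!0-9]*|'') return 1 ;; esac
  case "$1" in
    session) [ "$2" -ge 900 ] && [ "$2" -le 129600 ] ;;
    role)    [ "$2" -ge 900 ] && [ "$2" -le 43200 ] ;;
    *)       return 1 ;;
  esac
}

# One tab-separated "AccessKeyId SecretAccessKey SessionToken" line, the shape
# `aws sts ... --output text` prints, turned into export statements.
to_exports() {
  old_ifs=$IFS; IFS=$(printf '\t'); set -f; set -- $1; set +f; IFS=$old_ifs
  [ $# -eq 3 ] || return 1
  printf 'export AWS_ACCESS_KEY_ID="%s"\nexport AWS_SECRET_ACCESS_KEY="%s"\nexport AWS_SESSION_TOKEN="%s"\n' "$1" "$2" "$3"
}

# Same flow as the gist, with the checks above applied first. Needs the aws CLI.
issue_credentials() {
  role_name=$1; duration=${2:-3600}
  printf 'Token code: '; read -r token
  valid_token_code "$token" || { echo "token code must be six digits" >&2; return 1; }
  caller_arn=$(aws sts get-caller-identity --query Arn --output text)
  serial=$(mfa_serial_for "$caller_arn") \
    || { echo "$caller_arn is not an IAM user; cannot derive an MFA serial" >&2; return 1; }
  query='[Credentials.AccessKeyId,Credentials.SecretAccessKey,Credentials.SessionToken]'
  if [ "$role_name" = me ]; then
    valid_duration session "$duration" || { echo "bad duration" >&2; return 1; }
    line=$(aws sts get-session-token --serial-number "$serial" --token-code "$token" \
            --duration-seconds "$duration" --output text --query "$query")
  else
    valid_duration role "$duration" || { echo "bad duration" >&2; return 1; }
    line=$(aws sts assume-role --role-arn "$(role_arn_for "$caller_arn" "$role_name")" \
            --role-session-name "${role_name}_mfa_command_line" --serial-number "$serial" \
            --token-code "$token" --duration-seconds "$duration" --output text --query "$query")
  fi
  to_exports "$line"
}

if [ $# -ge 1 ]; then
  issue_credentials "$@"
else
  # Offline demonstration on a constructed sample identity.
  sample='arn:aws:iam::123456789012:user/eng/bob'
  echo "MFA serial: $(mfa_serial_for "$sample")"
  echo "Role ARN:   $(role_arn_for "$sample" deploy)"
fi
```

Run it with no arguments to see the derived ARNs for the sample identity; with `me` or a role name it behaves like the gist's script, except that a wrong token code, an out-of-range duration, or an identity that is not an IAM user is rejected with a message before STS is called.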