Skip to content

Instantly share code, notes, and snippets.

@kgorskowski

kgorskowski/aws-assume-role.sh

Created August 24, 2016 15:21
Show Gist options
  • Save kgorskowski/b9aa7ef4af27de8d57a35a65924c64b3 to your computer and use it in GitHub Desktop.
Save kgorskowski/b9aa7ef4af27de8d57a35a65924c64b3 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
aws-assume-role.sh
#!/bin/bash
ADMIN_ACC_ID=$1
SESSION_NAME="adminsession"
case "$1" in
'Account1')
ADMIN_ACC_ID=1234567890
AWS_REGION=eu-central-1
;;
'Account2')
echo "Aktuellen MFA Key eingeben:"
read MFA_KEY
ADMIN_ACC_ID=1234567890
AWS_REGION=eu-west-1
;;
'Account3')
ADMIN_ACC_ID=1234567890
AWS_REGION=us-west-1
;;
esac
if [ -z "$MFA_KEY" ]; then
json=$(aws sts assume-role --role-arn "arn:aws:iam::${ADMIN_ACC_ID}:role/your-admin-role-name" --role-session-name "${SESSION_NAME}" --profile admin (in case you have different aws credential profiles))
else
json=$(aws sts assume-role --role-arn "arn:aws:iam::${ADMIN_ACC_ID}:role/your-admin-role-name" --serial-number *ARN of your MFA Device --role-session-name "${SESSION_NAME}" --profile admin --token-code "${MFA_KEY}")
fi
ACCESS_KEY=$(echo "$json" | jq '.Credentials.AccessKeyId' --raw-output)
SECRET_KEY=$(echo "$json" | jq '.Credentials.SecretAccessKey' --raw-output)
SESSION_TOKEN=$(echo "$json" | jq '.Credentials.SessionToken' --raw-output)
echo "retrieved temporary access key ${ACCESS_KEY} for Admin Account ID ${ADMIN_ACC_ID}"
shift
case $1 in
'aws')
AWS_ACCESS_KEY_ID=${ACCESS_KEY} AWS_SECRET_ACCESS_KEY=${SECRET_KEY} AWS_SESSION_TOKEN=${SESSION_TOKEN} "$@" --region ${AWS_REGION}
;;
'terraform')
AWS_ACCESS_KEY_ID=${ACCESS_KEY} AWS_SECRET_ACCESS_KEY=${SECRET_KEY} AWS_SESSION_TOKEN=${SESSION_TOKEN} "$@"
;;
'packer')
AWS_ACCESS_KEY_ID=${ACCESS_KEY} AWS_SECRET_ACCESS_KEY=${SECRET_KEY} AWS_SESSION_TOKEN=${SESSION_TOKEN} "$@"
;;
esac
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment