Last active
September 7, 2018 15:36
-
-
Save lxhunter/0f783282590cad225d280e559ef86205 to your computer and use it in GitHub Desktop.
Graphical Wrapper for assume-role
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if ! [ -x "$(command -v assume-role)" ]; then | |
| echo 'Error: assume-role is not installed.' >&2 | |
| if [[ "$OSTYPE" == "linux-gnu" ]]; then | |
| echo "Install assume-role via:" >&2 | |
| echo "$ curl https://raw.githubusercontent.com/coinbase/assume-role/master/install-assume-role -O" >&2 | |
| echo "$ cat install-assume-role # inspect the script for security" >&2 | |
| echo "$ bash ./install-assume-role # install assume-role" >&2 | |
| elif [[ "$OSTYPE" == "darwin"* ]]; then | |
| echo "Install assume-role via:" >&2 | |
| echo "$ brew tap coinbase/assume-role" >&2 | |
| echo "$ brew install assume-role" >&2 | |
| else | |
| echo "Unsupported system!" >&2 | |
| fi | |
| exit 1 | |
| fi | |
| if ! [ -x "$(command -v dialog)" ]; then | |
| if [[ "$OSTYPE" == "linux-gnu" ]]; then | |
| echo "Install assume-role via:" >&2 | |
| echo "$ Use package manager to install (apt-get install dialog)" >&2 | |
| elif [[ "$OSTYPE" == "darwin"* ]]; then | |
| echo "Install dialog via:" >&2 | |
| echo "$ brew install dialog" >&2 | |
| else | |
| echo "Check if dialog is available for your system!" >&2 | |
| fi | |
| exit 1 | |
| fi | |
| if ! [ -x "$(command -v jq)" ]; then | |
| if [[ "$OSTYPE" == "linux-gnu" ]]; then | |
| echo "Install assume-role via:" >&2 | |
| echo "$ Use package manager to install (apt-get install jq)" >&2 | |
| elif [[ "$OSTYPE" == "darwin"* ]]; then | |
| echo "Install jq via:" >&2 | |
| echo "$ brew install jq" >&2 | |
| else | |
| echo "Check if jq is available for your system!" >&2 | |
| fi | |
| exit 1 | |
| fi | |
| [ -z "$AWS_ROLE" ] && echo "You need to set AWS_ROLE - e.g. AWS_ROLE=fooOperations" && exit 1; | |
| [ -z "$AWS_PROFILE_ASSUME_ROLE" ] && echo "You need to set AWS_PROFILE_ASSUME_ROLE - e.g. AWS_PROFILE_ASSUME_ROLE=bastion" && exit 1; | |
| i=1 | |
| options="" | |
| if [ -f /tmp/role-selection ]; then | |
| roleSelection=$(cat /tmp/role-selection) | |
| else | |
| roleSelection="1" | |
| fi | |
| while IFS="=" read -r key value | |
| do | |
| accountsNames[$i]="$key" | |
| let i++ | |
| done < <(jq -r "to_entries|map(\"\(.key)=\(.value)\")|.[]" ~/.aws/accounts) | |
| for key in "${!accountsNames[@]}" | |
| do | |
| if [ "$key" -eq "${roleSelection}" ]; then | |
| options="$options $key ${accountsNames[$key]} on " | |
| else | |
| options="$options $key ${accountsNames[$key]} off " | |
| fi | |
| done | |
| dialog --title "Role Selection" --radiolist "Select Role:" 25 80 $i $options 2> /tmp/role-selection | |
| roleSelection=$(cat /tmp/role-selection) | |
| dialog --title "Multifactor Authentification" --inputbox "Please enter your 6-Digit MFA Code" 10 40 2> /tmp/mfa-code | |
| mfaCode=$(cat /tmp/mfa-code) | |
| if ! [[ "$mfaCode" =~ ^[0-9]{6}$ ]] ; | |
| then exec >&2; dialog --msgbox "What you entered was not a six digit number! Exiting..." 10 40; exit 1 | |
| fi | |
| eval $(assume-role ${accountsNames[$roleSelection]} $AWS_ROLE $mfaCode ) | |
| rm -f /tmp/mfa-code |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It is a Graphical Interface for assume-role, where you can select the sub-account and the mfa. it reads from ~/.aws/accounts. It uses dialog for display.