Created
April 19, 2019 05:00
-
-
Save medwig/0c48986baee90feb5b0b2989eaa103ca to your computer and use it in GitHub Desktop.
Create aws credentials file from session token
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PROFILE=foo | |
| ACCOUNT_ID=123456 | |
| ROLE=terraform | |
| aws sts assume-role --role-arn arn:aws:iam::$ACCOUNT_ID:role/$ROLE --role-session-name "foo" > token | |
| aws configure --profile $PROFILE set aws_session_token $(jq < token '.Credentials.SessionToken' -r) | |
| aws configure --profile $PROFILE set aws_access_key_id $(jq < token '.Credentials.AccessKeyId' -r) | |
| aws configure --profile $PROFILE set aws_secret_access_key $(jq < token '.Credentials.SecretAccessKey' -r) | |
| tail ~/.aws/credentials | |
| aws sts get-caller-identity --profile $PROFILE | |
| sls info --aws-profile $PROFILE |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
On a build server the Serverless Framework won't be able to find the credentials for a command like:
$ sls deploy --aws-profile fooThis script assumes a role in the target aws profile (account) and uses it's temporary credentials to make a profile that
--aws-profilecan understand.