Created
September 4, 2020 12:43
-
-
Save mortalius/82d74046b30e871b19497e236549db1f to your computer and use it in GitHub Desktop.
Set Profile scripts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| unset AWS_PROFILE | |
| unset AWS_DEFAULT_REGION | |
| PROFILE=$1 | |
| REGION=$(aws --profile $PROFILE configure get region) | |
| REGION=${REGION:-us-east-1} | |
| echo export AWS_PROFILE=${PROFILE} | |
| export AWS_PROFILE=${PROFILE} | |
| echo export AWS_DEFAULT_REGION=${REGION} | |
| export AWS_DEFAULT_REGION=${REGION} | |
| echo Checkin\' | |
| aws sts get-caller-identity --output text 2>/dev/null | |
| if [ ! $? -eq 0 ]; then | |
| printf "\033[31m%-13s\033[0m %s\n" "ERROR: Wrong profile!" | |
| unset AWS_PROFILE | |
| unset AWS_DEFAULT_REGION | |
| GuessProfiles=$(cat ~/.aws/credentials | grep '\[' | grep -Po "[\w\d\-\_]+" | grep $PROFILE) | |
| if [[ ! -z "$GuessProfiles" ]]; then | |
| echo "You might have meant one of that:" | |
| for p in $GuessProfiles; do echo " - $p"; done | |
| fi | |
| else | |
| aws iam list-account-aliases --output text | |
| echo !!! Make sure to SOURCE this script !!! | |
| fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Generates temporary credentials for MFA enabled account (defined in SOURCE_PROFILE) | |
| # and saves it as AWS profile specified in TARGET_PROFILE | |
| set -e | |
| if [ $# -eq 0 ]; then | |
| echo "Usage: $0 <mfa_code>" | |
| exit 1 | |
| fi | |
| TOKEN_CODE=$1 | |
| MFA_DEVICE_ARN="arn:aws:iam::1234567890123:mfa/john.doe" | |
| SOURCE_PROFILE="main-profile-name-with-static-access-secret-keys" | |
| TARGET_PROFILE="profile-name-with-temporary-access-secret-keys" | |
| AWS_REGION=us-west-2 | |
| DURATION=129600 | |
| CREDS=$(aws --profile $SOURCE_PROFILE sts get-session-token --serial-number $MFA_DEVICE_ARN --duration-seconds $DURATION --token-code $TOKEN_CODE) | |
| SecretAccessKey=$(echo $CREDS | jq -r .Credentials.SecretAccessKey) | |
| SessionToken=$(echo $CREDS | jq -r .Credentials.SessionToken) | |
| AccessKeyId=$(echo $CREDS | jq -r .Credentials.AccessKeyId) | |
| ValidTill=$(echo $CREDS | jq -r .Credentials.Expiration) | |
| aws --profile $TARGET_PROFILE configure set aws_access_key_id $AccessKeyId | |
| aws --profile $TARGET_PROFILE configure set aws_secret_access_key $SecretAccessKey | |
| aws --profile $TARGET_PROFILE configure set aws_session_token $SessionToken | |
| aws --profile $TARGET_PROFILE configure set region $AWS_REGION | |
| echo "Enable profile with:" | |
| echo ". set_default_aws_profile.sh $TARGET_PROFILE" | |
| echo | |
| echo "Credentials valid till: $ValidTill" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment