Last active
July 11, 2021 23:03
-
-
Save patrobinson/657ce2192dd3cd28b90a1c260d6423ba to your computer and use it in GitHub Desktop.
aws vault bash profile
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function aws-code() { | |
| ykman oath -s bastion-account | |
| } | |
| function aws-vault-exec() { | |
| local role_name=$1 | |
| export AWS_ACCOUNT=$role_name | |
| shift | |
| local command=$@ | |
| local extra_args="" | |
| local sudo="" | |
| if [[ -z $command ]]; then | |
| command="sudo -u $USER bash -l" | |
| extra_args="-s" | |
| sudo="sudo" | |
| fi | |
| $sudo aws-vault exec -m "$(aws-code)" --assume-role-ttl=1h $extra_args $role_name -- bash -c "$command" | |
| } | |
| function aws-vault-login() { | |
| aws-vault login -t "$(aws-code)" $1 | |
| } | |
| # AWS Vault Aliases | |
| roles=( | |
| account1-admin:account1-administrator | |
| account1-ro:account1-read-only | |
| ) | |
| for r in ${roles[@]}; do | |
| args=(${r//:/ }) | |
| alias_name=${args[0]} | |
| role_name=${args[1]} | |
| eval "alias login-${alias_name}='aws-vault-login $role_name'" | |
| eval "function ${alias_name}() { | |
| aws-vault-exec $role_name \$@ | |
| }" | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment