Created
February 25, 2016 04:15
-
-
Save stumyp/29dcc9eef031dba02a63 to your computer and use it in GitHub Desktop.
simple bash script for getting STS credentials exported as env variables
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| unset AWS_ACCESS_KEY_ID | |
| unset AWS_SECRET_ACCESS_KEY | |
| unset AWS_SECURITY_TOKEN | |
| unset AWS_SESSION_TOKEN | |
| while getopts "e:u:p:s:t:f:" arg ; do | |
| case $arg in | |
| p) | |
| profile=$OPTARG | |
| ;; | |
| s) | |
| serial=$OPTARG | |
| ;; | |
| t) | |
| token=$OPTARG | |
| ;; | |
| f) | |
| file=$OPTARG | |
| source $file | |
| ;; | |
| esac | |
| done | |
| ( test -n $profile -a -n $serial -a -n $token) || usage | |
| get_temp_credentials | |
| ( test -n "$AWS" ) || AWS="aws" | |
| usage() { | |
| echo "Usage: source $0 -p aws_credentials_profile -s serial -t token" | |
| echo "OR: source $0 -f parameter_file -t token" | |
| echo -e "\t -p profile name from ~/.aws/credentials" | |
| echo -e "\t -s serial number of MFA device, virtual MFA looks like arn:aws:iam::account:mfa/user" | |
| echo -e "\t -t temporary token from MFA" | |
| echo -e "\t -f file name to read all parameters from (except token)" | |
| } | |
| function get_temp_credentials() { | |
| # checking for correct environment | |
| ( test $env == 'dev' -o $env == 'prd' -o $env == 'tst' -o $env == 'stg' ) || usage | |
| # and if profile is set too | |
| ( test -n $profile ) || ( test -n $AWS_PROFILE ) || usage | |
| # XORing presense of serial and token, if both are present fine, if only one - exit with usage message | |
| ( test -n "$serial" -o -n "$token" ) && ! ( test -n "$serial" -a -n "$token" ) && usage | |
| if [ -n "$token" ] ; then | |
| TMP=/tmp/sts-$$.json | |
| $AWS --profile ${profile} sts get-session-token --serial-number ${serial} --token-code ${token} >$TMP | |
| export AWS_ACCESS_KEY_ID=`jq '.Credentials.AccessKeyId' <$TMP| sed -e 's/"//g'` | |
| export AWS_SECRET_ACCESS_KEY=`jq '.Credentials.SecretAccessKey' <$TMP| sed -e 's/"//g'` | |
| export AWS_SECURITY_TOKEN=`jq '.Credentials.SessionToken' <$TMP| sed -e 's/"//g'` | |
| echo "Using temp credentials" | |
| echo " token: $AWS_SECURITY_TOKEN" | |
| echo "key: $AWS_SECRET_ACCESS_KEY" | |
| echo "key-id: $AWS_ACCESS_KEY_ID" | |
| rm -f $TMP | |
| else | |
| ( test -n $AWS_PROFILE ) || AWS_PROFILE=$profile | |
| echo "using credentials profile: $AWS_PROFILE" | |
| fi | |
| echo -e "\n--------------------------------------------------------------------------------\n" | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment