wrapper scirpt that assumes aws role

example-aws-assume-role-wrapper.sh

#! /usr/bin/env bash

# Wrapper scirpt that assumes aws role and then runs your script that needs the creds.
# Im not remembering where I got it, but it was at least inspired by another if not verbarium.

account_id=$1
role=$2

CMD="$@"
ACCOUNT_ID=11111111111

ASSUME_ROLE="arn:aws:iam::${ACCOUNT_ID}:role/ExternalAdminRole"
ROLE_SESSION_NAME="dev"
TMP_FILE=".temp_credentials"

aws sts assume-role --output json --role-arn ${ASSUME_ROLE} --role-session-name ${ROLE_SESSION_NAME} > ${TMP_FILE}

ACCESS_KEY=$(cat ${TMP_FILE} | jq -r ".Credentials.AccessKeyId")
SECRET_KEY=$(cat ${TMP_FILE} | jq -r ".Credentials.SecretAccessKey")
SESSION_TOKEN=$(cat ${TMP_FILE} | jq -r ".Credentials.SessionToken")
EXPIRATION=$(cat ${TMP_FILE} | jq -r ".Credentials.Expiration")

echo "Retrieved temp access key ${ACCESS_KEY} for role ${ASSUME_ROLE}. Key will expire at ${EXPIRATION}"

AWS_ACCESS_KEY_ID=${ACCESS_KEY} AWS_SECRET_ACCESS_KEY=${SECRET_KEY} AWS_SESSION_TOKEN=${SESSION_TOKEN} ${CMD}