assume-role.sh
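#!/usr/bin/env bash
#
# Assume an IAM role in the caller's own AWS account using MFA, then store
# the returned temporary credentials in an AWS CLI profile named after the
# role.
#
# Usage: assume-role.sh ROLE
#   ROLE  name of the role to assume; also used as the target profile name.
#
# Requires: aws CLI, jq, and a "base" profile that has mfa_serial configured.
#
# Security notes:
#   - The temporary access key, secret key and session token are persisted in
#     plaintext by `aws configure set`; protect the AWS CLI config directory
#     accordingly.
#   - `aws configure set` takes the value as a command-line argument, so the
#     secret is briefly visible in the process list to other local users.
#   - NOTE(review): the session name is the fixed string "session", which
#     makes it hard to attribute activity to a person in audit logs; consider
#     a per-user session name.
set -euo pipefail

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

role=${1:-}
if [[ -z "${role}" ]]; then
  die "Role not set."
fi

# `aws configure get` exits non-zero when the key is absent; tolerate that so
# the explicit check below can report the problem instead of `set -e` exiting
# silently.
mfa_serial=$(aws configure get mfa_serial --profile base) || mfa_serial=""
if [[ -z "${mfa_serial}" ]]; then
  die "mfa_serial for profile config does not exist. Did you set it?"
fi

# -r keeps backslashes literal; `|| true` lets EOF fall through to the
# empty-input check rather than tripping `set -e`.
mfa_response=""
read -r -p "Enter MFA (${mfa_serial}): " mfa_response || true
if [[ -z "${mfa_response}" ]]; then
  die "MFA not provided"
fi

# pipefail makes a failing `aws` call abort here; `jq -e` additionally fails
# when the field is missing or null, so a bogus ARN is never built.
account=$(aws sts get-caller-identity --profile base | jq -er '.Account')

response=$(aws sts assume-role \
  --role-arn "arn:aws:iam::${account}:role/${role}" \
  --role-session-name session \
  --profile base \
  --serial-number "${mfa_serial}" \
  --token-code "${mfa_response}")

# Extract all three values before writing any of them, so a malformed
# response cannot leave the profile half-updated or populated with "null".
# printf is a builtin, so the response is not exposed on a command line.
access_key_id=$(printf '%s' "${response}" | jq -er '.Credentials.AccessKeyId')
secret_access_key=$(printf '%s' "${response}" | jq -er '.Credentials.SecretAccessKey')
session_token=$(printf '%s' "${response}" | jq -er '.Credentials.SessionToken')

aws configure set aws_access_key_id "${access_key_id}" --profile "${role}"
aws configure set aws_secret_access_key "${secret_access_key}" --profile "${role}"
aws configure set aws_session_token "${session_token}" --profile "${role}"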