You can use aws sts assume-role cli command to get a temporary access_key, secret_key, and token.
Shell script to get temporary credentials through assume role without any external tool like jq:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
#!/bin/bash ROLE_ARN='' ROLE_SESSION_NAME='' ## optinally set to aws credentails file PROFILE_NAME='' CRED=(`aws sts assume-role \ --role-arn $ROLE_ARN \ --role-session-name $ROLE_SESSION_NAME \ --query '[Credentials.AccessKeyId,Credentials.SecretAccessKey,Credentials.SessionToken]' \ --output text`) ## set as environment variables export AWS_ACCESS_KEY_ID=${CRED[0]} export AWS_SECRET_ACCESS_KEY=${CRED[1]} export AWS_SESSION_TOKEN=${CRED[2]} ## optinally set to aws credentails file aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID --profile $PROFILE_NAME aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY --profile $PROFILE_NAME aws configure set aws_session_token $AWS_SESSION_TOKEN --profle $PROFILE_NAME |
Shell script to get temporary credentials through assume role using jq:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
#!/bin/bash ROLE_ARN='' ROLE_SESSION_NAME='' ## optinally set to aws credentails file PROFILE_NAME='' CRED=$(aws sts assume-role \ --role-arn $ROLE_ARN \ --role-session-name $ROLE_SESSION_NAME) ## set as environment variables export AWS_ACCESS_KEY_ID=$(echo $CRED | jq -r .Credentials.AccessKeyId) export AWS_SECRET_ACCESS_KEY=$(echo $CRED | jq -r .Credentials.SecretAccessKey) export AWS_SESSION_TOKEN=$(echo $CRED | jq -r .Credentials.SessionToken) ## optinally set to aws credentails file aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID --profile $PROFILE_NAME aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY --profile $PROFILE_NAME aws configure set aws_session_token $AWS_SESSION_TOKEN --profle $PROFILE_NAME |