https://github.com/crazyfactory/aws-sts-helper
https://github.com/crazyfactory/aws-sts-helper
Last synced: about 1 year ago
JSON representation
- Host: GitHub
- URL: https://github.com/crazyfactory/aws-sts-helper
- Owner: crazyfactory
- Created: 2021-07-13T07:30:28.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2023-08-29T08:18:37.000Z (almost 3 years ago)
- Last Synced: 2025-02-16T15:31:08.902Z (over 1 year ago)
- Language: Shell
- Size: 17.6 KB
- Stars: 0
- Watchers: 8
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# AWS STS Helper
This provides two bash scripts to help take the pain from `get-session-token` and `assume-role` calls.
# Install
You need jq
## Windows
Run in elevated git bash:
`curl -L -o /usr/bin/jq.exe https://github.com/stedolan/jq/releases/latest/download/jq-win64.exe`
## Other
https://stedolan.github.io/jq/download/
# Run
### Run Globally
Linux or git bash on Windows.
Run from this repo root.
```
./set-aliases.sh
```
Run from home dir or restart terminal:
```
source ~/.bashrc
```
### Get Session Token
To get a session token for `my_user`:
~/.aws/credentials
```
[my_user]
aws_access_key_id =
aws_secret_access_key =
```
~/.aws/config
```
[profile my_user]
region = eu-central-1
output = json
mfa_serial = arn:aws:iam:::mfa/my_user
```
Run:
```
./get-session-token.sh
```
Choose:
```
my_user
```
The temporary credentials will be stored as profile:
```
[my_user_temp]
aws_access_key_id =
aws_secret_access_key =
aws_session_token =
```
### Assume Role
To get a session token for `my_user_deployment_role`:
~/.aws/credentials
```
[my_user]
aws_access_key_id =
aws_secret_access_key =
```
Note - use `[profile ...`
~/.aws/config
```
[profile my_user]
region = eu-central-1
output = json
mfa_serial = arn:aws:iam:::mfa/my_user
[profile my_user_deployment_role]
region = eu-central-1
output = json
source_profile = my_user
role_arn = arn:aws:iam:::role/deployment_role
```
Run:
```
./assume-role.sh
```
Choose:
```
my_user_deployment_role
```
The temporary credentials will be stored as profile:
```
[my_user_deployment_role_temp]
aws_access_key_id =
aws_secret_access_key =
aws_session_token =
```