Skip to content

oremj/aws-assume-role

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
 
 
 
 
 
 

Repository files navigation

aws-assume-role

Shell function for assuming roles in to AWS

Based on https://github.com/coinbase/assume-role with a few modifications:

  • Reads GPG encrypted base credentials
  • Base credentials do not need GetUser permissions
  • ZSH auto completion
  • Bash auto completion
  • List of roles in accounts file for role auto completion
  • Validates assumed role against sts:get-caller-identity

Usage

Assuming account1 is the account alias in ~/.aws/accounts and root is the role to be assumed.

aws-assume-role account1 root

Options

AWS_ASSUME_ROLE_CACHE_TO_FILE

If set to true, the master session credentials will be written to file and will be reused for multiple terminal sessions.

Set up

Requirements

  1. jq - brew install jq
  2. AWS CLI

Create credentials file

cat <<CREDS | gpg -e -r GPG_KEY_ID > ~/.aws/credentials.gpg
export AWS_ACCESS_KEY_ID=.....
export AWS_SECRET_ACCESS_KEY=.....
CREDS

Create mfadevice file

echo arn:aws:iam::ACCOUNT_ID:mfa/USERNAME > ~/.aws/mfadevice

Source in .zshrc or .bashrc

Add . REPO_LOCATION/aws-assume-role

Create accounts file

Create an accounts file at ~/.aws/accounts

Example

{
    "account1": {
        "id": "1234567890",
        "roles": [
            "admin",
            "ro"
        ],
        "region": "us-west-2"
    },
    "account2": {
        "id": "2234567890",
        "roles": [
            "admin",
            "ro"
        ],
        "region": "us-east-1"
    }
}

About

Shell functions for assuming AWS roles

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages