Shell function for assuming roles in to AWS
Based on https://github.com/coinbase/assume-role with a few modifications:
- Reads GPG encrypted base credentials
- Base credentials do not need GetUser permissions
- ZSH auto completion
- Bash auto completion
- List of roles in accounts file for role auto completion
- Validates assumed role against sts:get-caller-identity
Assuming account1 is the account alias in ~/.aws/accounts and root is the role to be assumed.
aws-assume-role account1 root
AWS_ASSUME_ROLE_CACHE_TO_FILE
If set to true
, the master session credentials will be written to file and will be reused for multiple terminal sessions.
- jq -
brew install jq
- AWS CLI
cat <<CREDS | gpg -e -r GPG_KEY_ID > ~/.aws/credentials.gpg
export AWS_ACCESS_KEY_ID=.....
export AWS_SECRET_ACCESS_KEY=.....
CREDS
echo arn:aws:iam::ACCOUNT_ID:mfa/USERNAME > ~/.aws/mfadevice
Add . REPO_LOCATION/aws-assume-role
Create an accounts file at ~/.aws/accounts
{
"account1": {
"id": "1234567890",
"roles": [
"admin",
"ro"
],
"region": "us-west-2"
},
"account2": {
"id": "2234567890",
"roles": [
"admin",
"ro"
],
"region": "us-east-1"
}
}