The problem – what it requires to presume a function
To presume an AWS function in the CLI, you will need to do something like this:
aws sts assume-role-- role-arn arn: aws: iam::123456789123: role/myAwesomeRole-- role-session-name test-- area eu-central-1
This will offer you the list below output:
{
" Qualifications": {
" AccessKeyId": "someAccessKeyId",.
" SecretAccessKey": "someSecretAccessKey",.
" SessionToken": "someSessionToken",.
" Expiration": "20203-01-02T06:52:13 +00:00".
},.
" AssumedRoleUser": {
" AssumedRoleId": "idOfTheAssummedRole",.
" Arn": "theARNOfTheRoleIWantToAssume".
}
}
However then you will need to by hand copy and paste the worths of AccessKeyId, SecretAccessKey and SessionToken in a lot of exports like this:
export AWS_ACCESS_KEY_ID=" someAccessKeyId"
export AWS_SECRET_ACCESS_KEY=" someSecretAccessKey"
export AWS_SESSION_TOKEN=" someSessionToken"
At this phase you can presume the function&& mldr;.
The service – how to speed this up
You can do this with, or without jq
Undoubtedly the less reliances the much better, so we will do it:
- Without
jq - Without
several exports - By utilizing
printfbuilt-ins
This likewise enables the advantage of no credential leak through / proc
export $( printf "AWS_ACCESS_KEY_ID=% s AWS_SECRET_ACCESS_KEY=% s AWS_SESSION_TOKEN=% s".
$( aws sts assume-role.
-- role-arn arn: aws: iam::123456789012: role/MyAssumedRole.
-- role-session-name MySessionName.
-- inquiry "Qualifications.[AccessKeyId,SecretAccessKey,SessionToken]".
-- output text)).