how.wtf

STS assume role in one command using AWS CLI

· Thomas Taylor

To assume a role, two steps are normally required: request temporary credentials from STS, then export them into the shell environment.

How to assume role with STS

aws sts assume-role \
	--role-arn ROLE \
	--role-session-name test

Output:

{
	"Credentials": {
		"AccessKeyId": "...",
		"SecretAccessKey": "...",
		"SessionToken": "...",
		"Expiration": "2023-03-21T11:32:58+00:00"
	},
	"AssumedRoleUser": {
		"AssumedRoleId": "...",
		"Arn": "..."
	}
}

Then, export the credentials in the next step:

export AWS_ACCESS_KEY_ID="..."
export AWS_SECRET_ACCESS_KEY="..."
export AWS_SESSION_TOKEN="..."

How to assume role in one command

Manually exporting the credentials is a tedious process; however, the command can be simplified to export in one line.

export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" \
$(aws sts assume-role \
	--role-arn arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME \
	--role-session-name SESSION_NAME \
	--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
	--output text))

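This solution uses the printf built-in: --query selects the three credential values, --output text prints them on one tab-separated line, and the shell splits that line into the three arguments that printf substitutes into the NAME=value pairs passed to export. The exported credentials are temporary and stop working at the Expiration time shown in the assume-role output.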
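A more defensive form of the one-liner, as an added example that is not from the original post: when aws sts assume-role fails, the inner command substitution is empty, so printf emits three empty assignments and export overwrites any credentials already in the environment with empty strings. The function name assume_role and its error messages are hypothetical; the aws call and its options are the ones used above.

```shell
# Added example (not from the original post). assume_role is a hypothetical
# helper name; it wraps the same aws sts assume-role call as the one-liner.
assume_role() {
	# $1 = role ARN, $2 = role session name
	local creds key secret token extra

	# Stop here if the CLI call fails, before touching the environment.
	creds=$(aws sts assume-role \
		--role-arn "$1" \
		--role-session-name "$2" \
		--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
		--output text) || {
		echo "assume_role: aws sts assume-role failed for $1" >&2
		return 1
	}

	# --output text gives one whitespace-separated line; expect exactly 3 fields.
	read -r key secret token extra <<EOF
$creds
EOF
	if [ -z "$token" ] || [ -n "$extra" ]; then
		# Report the problem without echoing any credential material.
		echo "assume_role: expected 3 credential fields" >&2
		return 1
	fi

	# Export only after all three values have been validated.
	export AWS_ACCESS_KEY_ID="$key"
	export AWS_SECRET_ACCESS_KEY="$secret"
	export AWS_SESSION_TOKEN="$token"
}

# Usage: assume_role arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME SESSION_NAME
```

Defined as a function and sourced into the current shell, it sets the same three variables as the one-liner but leaves the environment unchanged on any failure.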
