In order to assume a role, two actions must normally be completed.
How to assume role with STS
1
2
3
| aws sts assume-role \
--role-arn ROLE \
--role-session-name test
|
Output:
1
2
3
4
5
6
7
8
9
10
11
12
| {
"Credentials": {
"AccessKeyId": "...",
"SecretAccessKey": "...",
"SessionToken": "...",
"Expiration": "2023-03-21T11:32:58+00:00"
},
"AssumedRoleUser": {
"AssumedRoleId": "...",
"Arn": "..."
}
}
|
then, export the credentials in the next step
1
2
3
| export AWS_ACCESS_KEY_ID="..."
export AWS_SECRET_ACCESS_KEY="..."
export AWS_SESSION_TOKEN="..."
|
How to assume role in one command
Manually exporting the credentials is a tedious process; however, the command can be simplified to export in one line.
1
2
3
4
5
6
| export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" \
$(aws sts assume-role \
--role-arn arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME \
--role-session-name SESSION_NAME \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text))
|
This solution uses the printf built-in.