Skip to content
/ atg Public

Assume to go is a utility to export variables from assume-role

License

Apache-2.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

joanbono/atg

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
modules
modules
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
main.go
main.go
 
 

Repository files navigation

atg

Assume to go is a utility to export variables from assume-role and be ready to go.

From this:

{
    "Credentials": {
        "AccessKeyId": "AAAAAAAAAAAAAAA",
        "SecretAccessKey": "BBBBBBBBBBBBBBBBBB",
        "SessionToken": "CCCCCCCCCCCCCCCCCCCCCCCC",
        "Expiration": "2021-01-27T13:10:39+00:00"
    },
    "AssumedRoleUser": {
        "AssumedRoleId": "DDDD:name",
        "Arn": "ARN"
    }
}

To this:

export AWS_ACCESS_KEY_ID="AAAAAAAAAAAAAAA"
export AWS_SECRET_ACCESS_KEY="BBBBBBBBBBBBBBBBBB"
export AWS_SESSION_TOKEN="CCCCCCCCCCCCCCCCCCCCCCCC"

As an alternative for people using fish, cmd or PowerShell (defaults to bash), it is possible to set which output is preferred. As example for PowerShell:

PS> aws sts assume-role --role-arn ${ROLE_ARN} --role-session-name ${SESSION_NAME} --external-id ${EXTERNAL_ID} | atg -powershell

$Env:AWS_ACCESS_KEY_ID="AAAAAAAAAAAAAAA"
$Env:AWS_SECRET_ACCESS_KEY="BBBBBBBBBBBBBBBBBB"
$Env:AWS_SESSION_TOKEN="CCCCCCCCCCCCCCCCCCCCCCCC"

Read from stdin and import

$> aws sts get-caller-identity
{
    "UserId": "AIDA11111111111111111",
    "Account": "111111111111",
    "Arn": "arn:aws:iam::111111111111:user/myuser"
}

$> eval $(aws sts assume-role --role-arn ${ROLE_ARN} --role-session-name ${SESSION_NAME} --external-id ${EXTERNAL_ID} | atg)
$> aws sts get-caller-identity
{
    "UserId": "AROA22222222222222222:${SESSION_NAME}",
    "Account": "222222222222",
    "Arn": "arn:aws:sts::222222222222:assumed-role/role-name/${SESSION_NAME}"
}

Read from role.json file for fish:

~> aws sts get-caller-identity
{
    "UserId": "AIDA11111111111111111",
    "Account": "111111111111",
    "Arn": "arn:aws:iam::111111111111:user/myuser"
}

~> eval $(atg -json role.json -fish)
~> aws sts get-caller-identity
{
    "UserId": "AROA22222222222222222:${SESSION_NAME}",
    "Account": "222222222222",
    "Arn": "arn:aws:sts::222222222222:assumed-role/role-name/${SESSION_NAME}"
}

Using MFA

If an MFA device is required to authenticate, follow these instructions:

# Account with MFA configured
$ eval $(aws --profile mfa sts get-session-token --serial-number arn:aws:iam::111111111111:mfa/userMFA --token-code 123123 | atg)

# Assume the role from the MFA account to a different account
$ eval $(aws sts assume-role --role-arn arn:aws:iam::222222222222:role/role-to-assume --role-session-name assume-with-mfa | atg)

About

Assume to go is a utility to export variables from assume-role

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

5 watching

Forks

0 forks
Report repository

Releases 3

v1.6.0 Latest
Aug 20, 2024
+ 2 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages