Skip to content

nadroz/assume-role

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits
vendor
vendor
 
 
.gitignore
.gitignore
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
circle.yml
circle.yml
 
 
main.go
main.go
 
 

Repository files navigation

This tool will request and set temporary credentials in your shell environment variables for a given role.

$ go get -u github.com/bndw/assume-role

Configuration

This tool requires a profile for each role you would like to assume in ~/.aws/config.

Each profile must contain the following attributes:

  • region
  • role_arn
  • mfa_serial
  • source_profile

For example:

~/.aws/config:

[profile boa-igc-dev]
region = us-east-2

[profile devops@boa-igc-dev]
# Dev AWS Account.
region = us-east-2
role_arn = arn:aws:iam::1234:role/DevOps
mfa_serial = arn:aws:iam::5678:mfa/YourUser
source_profile = boa-igc-dev

[profile devops@boa-igc-prd-na2]
# Production AWS Account.
region = us-east-2
role_arn = arn:aws:iam::9012:role/DevOps
mfa_serial = arn:aws:iam::5678:mfa/YourUser
source_profile = boa-igc-dev

~/.aws/credentials:

[boa-igc-dev]
aws_access_key_id = AKIMYFAKEEXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/MYxFAKEYEXAMPLEKEY

Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html

Usage

Perform an action as the given IAM role:

$ assume-role devops@boa-igc-dev aws iam get-user

The assume-role tool sets AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN, AWS_REGION, and AWS_DEFAULT_REGION environment variables and then executes the command provided.

If the role requires MFA, you will be asked for the token first:

$ assume-role devops@boa-prd-na-2 aws iam get-user
MFA code: 123456

If no command is provided, assume-role will output the temporary security credentials:

$ assume-role prod
export AWS_ACCESS_KEY_ID="ASIAI....UOCA"
export AWS_SECRET_ACCESS_KEY="DuH...G1d"
export AWS_SESSION_TOKEN="AQ...1BQ=="
export AWS_SECURITY_TOKEN="AQ...1BQ=="
export AWS_DEFAULT_REGION="us-east-2"
export AWS_REGION="us-east-2"
export ASSUMED_ROLE="devops@boa-igc-prd-na2"
# Run this to configure your shell:
# eval $(assume-role prod)

Or windows PowerShell:

$env:AWS_ACCESS_KEY_ID="ASIAI....UOCA"
$env:AWS_SECRET_ACCESS_KEY="DuH...G1d"
$env:AWS_SESSION_TOKEN="AQ...1BQ=="
$env:AWS_SECURITY_TOKEN="AQ...1BQ=="
$env:AWS_REGION="us-east-2"
$env:AWS_DEFAULT_REGION="us-east-2"
$env:ASSUMED_ROLE="devops@boa-igc-prd-na2"
# Run this to configure your shell:
# assume-role.exe prod | Invoke-Expression

About

Easily assume AWS roles in your terminal.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

8 tags

Packages

No packages published

Languages

  • Go 91.8%
  • Makefile 8.2%