[ad_1]
The difficulty – what it takes to imagine a job
To imagine an AWS function within the CLI, you’ll have to do one thing like this:
aws sts assume-role --role-arn arn:aws:iam::123456789123:function/myAwesomeRole --role-session-name take a look at --region eu-central-1
This gives you the next output:
{
"Credentials": {
"AccessKeyId": "someAccessKeyId",
"SecretAccessKey": "someSecretAccessKey",
"SessionToken": "someSessionToken",
"Expiration": "20203-01-02T06:52:13+00:00"
},
"AssumedRoleUser": {
"AssumedRoleId": "idOfTheAssummedRole",
"Arn": "theARNOfTheRoleIWantToAssume"
}
}
However then you’ll have to manually copy and paste the values of AccessKeyId, SecretAccessKey and SessionToken in a bunch of exports like this:
export AWS_ACCESS_KEY_ID="someAccessKeyId"
export AWS_SECRET_ACCESS_KEY="someSecretAccessKey"
export AWS_SESSION_TOKEN="someSessionToken"
At this stage you’ll be able to assume the function….
The answer – find out how to pace this up
You are able to do this with, or with out jq.
Clearly the less dependencies the higher, so we are going to do it:
- With out
jq - With out
a number of exports - Through the use of
printfbuilt-ins
This additionally permits the good thing about no credential leakage by /proc..
export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s"
$(aws sts assume-role
--role-arn arn:aws:iam::123456789012:function/MyAssumedRole
--role-session-name MySessionName
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]"
--output textual content))
[ad_2]