Revisions
vranystepan revised this gist
May 28, 2019. 2 changed files with 17 additions and 2 deletions.
@@ -2,6 +2,22 @@ ## Example set AWS env. variables ```bash export ASSUME_ROLE_ARN="arn:aws:iam::000000000000:role/role00001" export AWS_ACCESS_KEY_ID="..." export AWS_SECRET_ACCESS_KEY="..." ``` optionally you can set session token for MFA ```bash export AWS_SESSION_TOKEN="..." ``` and then load the helper ```bash wget "${ASSUME_HELPER_URL}" -O ./init.sh . ./init.sh
@@ -49,5 +49,4 @@ unset AWS_SESSION_TOKEN # export AWS environment variables export AWS_CONFIG_FILE export AWS_SHARED_CREDENTIALS_FILE
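Review bot: the README hunk tells the reader to export the access key pair and then source the helper, but it does not say that the helper copies those values into `.aws/credentials` under the current directory (see the credentials heredoc in init.sh). Add that to the README, together with a cleanup step such as `rm -rf ./.aws` at the end of the job and a reminder to keep `.aws/` out of build artifacts and version control.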
vranystepan revised this gist
May 28, 2019. 1 changed file with 4 additions and 3 deletions.
@@ -23,14 +23,13 @@ mkdir -p "$(pwd)/.aws" # configure aws cli behaviour AWS_CONFIG_FILE="$(pwd)/.aws/config" AWS_SHARED_CREDENTIALS_FILE="$(pwd)/.aws/credentials" cat <<EOT > "${AWS_CONFIG_FILE}" [profile main] region = eu-central-1 output = json [profile default] role_arn = ${ASSUME_ROLE_ARN} source_profile = main EOT @@ -39,14 +38,16 @@ cat <<EOT > "${AWS_SHARED_CREDENTIALS_FILE}" [main] aws_access_key_id = ${AWS_ACCESS_KEY_ID} aws_secret_access_key = ${AWS_SECRET_ACCESS_KEY} aws_session_token = ${AWS_SESSION_TOKEN} EOT # unset AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, # otherwise AWS_DEFAULT_PROFILE won't work unset AWS_ACCESS_KEY_ID unset AWS_SECRET_ACCESS_KEY unset AWS_SESSION_TOKEN # export AWS environment variables export AWS_CONFIG_FILE export AWS_SHARED_CREDENTIALS_FILE export AWS_DEFAULT_PROFILE
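Review bot: the `# configure aws cli behaviour` block in the first hunk no longer assigns `AWS_DEFAULT_PROFILE`, and the role profile is now `[profile default]`, yet the second hunk still ends with `export AWS_DEFAULT_PROFILE` and its comment still reads "otherwise AWS_DEFAULT_PROFILE won't work". Remove the export and reword the comment; as written, a value inherited from the caller's environment gets exported and can select a profile this config does not define.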
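Review bot: in the credentials heredoc of the second hunk, `aws_session_token = ${AWS_SESSION_TOKEN}` is written unconditionally, so a run without a session token produces a key with an empty value. Emit the line only when the variable is non-empty, for example with `${AWS_SESSION_TOKEN:+aws_session_token = ${AWS_SESSION_TOKEN}}` inside the heredoc.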
vranystepan revised this gist
May 27, 2019. 1 changed file with 1 addition and 1 deletion.
@@ -49,4 +49,4 @@ unset AWS_SECRET_ACCESS_KEY # export AWS environment variables export AWS_CONFIG_FILE export AWS_SHARED_CREDENTIALS_FILE export AWS_DEFAULT_PROFILE
vranystepan revised this gist
May 27, 2019. 1 changed file with 9 additions and 4 deletions.
@@ -21,9 +21,9 @@ check_empty AWS_SECRET_ACCESS_KEY # create temporary directory for aws config & credentials mkdir -p "$(pwd)/.aws" # configure aws cli behaviour AWS_CONFIG_FILE="$(pwd)/.aws/config" AWS_SHARED_CREDENTIALS_FILE="$(pwd)/.aws/credentials" AWS_DEFAULT_PROFILE="sub-account" cat <<EOT > "${AWS_CONFIG_FILE}" [profile main] @@ -44,4 +44,9 @@ EOT # unset AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, # otherwise AWS_DEFAULT_PROFILE won't work unset AWS_ACCESS_KEY_ID unset AWS_SECRET_ACCESS_KEY # export AWS environment variables export AWS_CONFIG_FILE export AWS_SHARED_CREDENTIALS_FILE export AWS_DEFAULT_PROFILE%
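Review bot: the last added line of the second hunk, `export AWS_DEFAULT_PROFILE%`, ends in a stray `%`, which is not a valid variable name, so the export fails and `AWS_DEFAULT_PROFILE` is never exported. Drop the `%`. Since the first hunk turned the three `export VAR=...` lines into plain assignments, this trailing block is now the only place the profile reaches the environment of the `aws` command.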
vranystepan revised this gist
May 27, 2019. 1 changed file with 3 additions and 0 deletions.
@@ -7,3 +7,6 @@ wget "${ASSUME_HELPER_URL}" -O ./init.sh . ./init.sh aws eks list-clusters --region eu-central-1 ``` ## Caveats Do not execute this helper as script. As we need to modify environment variables in the current proces - helper has to be sourced with `source` or `.`
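Review bot: typo in the new Caveats paragraph, `proces` should be `process`. The paragraph would also read better as two plain sentences, for example: "Do not execute this helper as a script. It modifies environment variables of the current process, so it has to be sourced with `source` or `.`".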
vranystepan revised this gist
May 27, 2019. 1 changed file with 7 additions and 0 deletions.
@@ -1,2 +1,9 @@ # Simple AWS IAM role assume for CI/CD environments ## Example ```bash wget "${ASSUME_HELPER_URL}" -O ./init.sh . ./init.sh aws eks list-clusters --region eu-central-1 ```
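Review bot: the example sources `./init.sh` straight after the `wget` with no integrity check, and `ASSUME_HELPER_URL` is not defined anywhere in the README. Document the URL as a raw link pinned to a specific revision of the gist and add a checksum comparison (for example `sha256sum -c`) between the download and `. ./init.sh`, since the sourced file runs inside the current shell.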
vranystepan created this gist
May 27, 2019.
@@ -0,0 +1,2 @@ # Simple AWS IAM role assume for CI/CD environments
@@ -0,0 +1,47 @@ #!/bin/sh check_empty () { # $1 is variable name # Write status echo "checking variable ${1} ..." # check if variable is empty - unset or '' if [ -z "$(eval echo \$"$1")" ]; then echo "${1} is empty!" exit 1 fi } # perform validation check_empty ASSUME_ROLE_ARN check_empty AWS_ACCESS_KEY_ID check_empty AWS_SECRET_ACCESS_KEY # create temporary directory for aws config & credentials mkdir -p "$(pwd)/.aws" # configure aws cli behaviour export AWS_CONFIG_FILE="$(pwd)/.aws/config" export AWS_SHARED_CREDENTIALS_FILE="$(pwd)/.aws/credentials" export AWS_DEFAULT_PROFILE="sub-account" cat <<EOT > "${AWS_CONFIG_FILE}" [profile main] region = eu-central-1 output = json [profile sub-account] role_arn = ${ASSUME_ROLE_ARN} source_profile = main EOT cat <<EOT > "${AWS_SHARED_CREDENTIALS_FILE}" [main] aws_access_key_id = ${AWS_ACCESS_KEY_ID} aws_secret_access_key = ${AWS_SECRET_ACCESS_KEY} EOT # unset AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, # otherwise AWS_DEFAULT_PROFILE won't work unset AWS_ACCESS_KEY_ID unset AWS_SECRET_ACCESS_KEY
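Review bot: `exit 1` inside `check_empty` closes the caller's shell when a variable is missing, because the `export` and `unset` lines in this file only reach the caller when it is sourced. Use `return 1` in the function and stop the helper with `check_empty ASSUME_ROLE_ARN || return 1` for each check. Separately, the second heredoc writes the secret access key to `$(pwd)/.aws/credentials` with whatever permissions the current umask allows; running the `mkdir -p` and both heredocs in a subshell under `umask 077` keeps the directory and files readable by the owner only without changing the caller's umask.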