

@pawel-t
Forked from ddgenome/aws-creds.bash
Created March 15, 2018 15:45

Revisions

  1. @ddgenome ddgenome revised this gist Aug 22, 2017. 1 changed file with 7 additions and 6 deletions.
    13 changes: 7 additions & 6 deletions aws-creds.bash
    @@ -7,8 +7,9 @@
    #
    # usage: aws-creds MFA_TOKEN [OTHER_AWS_STS_GET-SESSION-TOKEN_OPTIONS...]
    function aws-creds () {
    local pkg=aws-creds
    if [[ ! $1 ]]; then
    echo "aws-creds: missing required argument: MFA_TOKEN_CODE" 1>&2
    echo "$pkg: missing required argument: MFA_TOKEN" 1>&2
    return 99
    fi

    @@ -31,30 +32,30 @@ function aws-creds () {
    fi

    local rv creds_json
    creds_json=$(set -o pipefail; aws --output json sts get-session-token --duration-seconds 86400 --serial-number "arn:aws:iam::$aws_account:mfa/$iam_user" --token-code "$@")
    creds_json=$(aws --output json sts get-session-token --duration-seconds 86400 --serial-number "arn:aws:iam::$aws_account:mfa/$iam_user" --token-code "$@")
    rv="$?"
    if [[ $rv -ne 0 || ! $creds_json ]]; then
    echo "aws-creds: failed to get credentials: $creds_json" 1>&2
    echo "$pkg: failed to get credentials for user '$iam_user' account '$aws_account': $creds_json" 1>&2
    return "$rv"
    fi

    local jq="jq --exit-status --raw-output"
    AWS_ACCESS_KEY_ID=$(echo "$creds_json" | $jq .Credentials.AccessKeyId)
    rv="$?"
    if [[ $rv -ne 0 || ! $AWS_ACCESS_KEY_ID ]]; then
    echo "aws-creds: failed to parse output for AWS_ACCESS_KEY_ID: $creds_json" 1>&2
    echo "$pkg: failed to parse output for AWS_ACCESS_KEY_ID: $creds_json" 1>&2
    return "$rv"
    fi
    AWS_SECRET_ACCESS_KEY=$(echo "$creds_json" | $jq .Credentials.SecretAccessKey)
    rv="$?"
    if [[ $rv -ne 0 || ! $AWS_SECRET_ACCESS_KEY ]]; then
    echo "aws-creds: failed to parse output for AWS_SECRET_ACCESS_KEY: $creds_json" 1>&2
    echo "$pkg: failed to parse output for AWS_SECRET_ACCESS_KEY: $creds_json" 1>&2
    return "$rv"
    fi
    AWS_SESSION_TOKEN=$(echo "$creds_json" | $jq .Credentials.SessionToken)
    rv="$?"
    if [[ $rv -ne 0 || ! $AWS_SESSION_TOKEN ]]; then
    echo "aws-creds: failed to parse output for AWS_SESSION_TOKEN: $creds_json" 1>&2
    echo "$pkg: failed to parse output for AWS_SESSION_TOKEN: $creds_json" 1>&2
    return "$rv"
    fi
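Review bot: The three parse-failure messages in the second hunk still interpolate `$creds_json`, which at that point holds the full STS response, so a jq failure on one field writes the SecretAccessKey and SessionToken to stderr and to anything that captures it. Name only the field that failed, e.g. `echo "$pkg: failed to parse output for AWS_SECRET_ACCESS_KEY" 1>&2`, and keep the raw response out of the message. The same interpolation is present in the Sep 14, 2016 revision that first moved these messages to stderr. The function body starts and ends outside this hunk.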

  2. @ddgenome ddgenome revised this gist Aug 18, 2017. 1 changed file with 22 additions and 7 deletions.
    29 changes: 22 additions & 7 deletions aws-creds.bash
    @@ -3,18 +3,33 @@
    # See http://docs.aws.amazon.com/cli/latest/reference/sts/get-session-token.html .
    # You must have jq installed and in your PATH https://stedolan.github.io/jq/ .
    # Add this function to your .bashrc or save it to a file and source that file from .bashrc .

    # Usage: aws-creds MFA_TOKEN [OTHER_AWS_STS_GET-SESSION-TOKEN_OPTIONS]
    # https://gist.github.com/ddgenome/f13f15dd01fb88538dd6fac8c7e73f8c
    #
    # usage: aws-creds MFA_TOKEN [OTHER_AWS_STS_GET-SESSION-TOKEN_OPTIONS...]
    function aws-creds () {
    if [[ ! $1 ]]; then
    echo "aws-creds: missing required argument: MFA_TOKEN_CODE" 1>&2
    return 99
    fi

    export -n AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
    # replace USER and 12_DIGIT_ACCOUNT_NUMBER with appropriate values
    local iam_user="USER"
    local aws_account="12_DIGIT_ACCOUNT_NUMBER"
    local iam_user
    if [[ $AWS_IAM_USER ]]; then
    iam_user=$AWS_IAM_USER
    else
    iam_user=$(whoami)
    if [[ $? -ne 0 || ! $iam_user ]]; then
    echo "$pkg: failed to set IAM user: $iam_user"
    return 10
    fi
    fi
    local aws_account
    if [[ $AWS_ACCOUNT ]]; then
    aws_account=$AWS_ACCOUNT
    else
    aws_account=REPLACE_WITH_ACCOUNT_IF_YOU_DO_NOT_WANT_TO_SET_AWS_ACCOUNT
    fi

    local rv creds_json
    creds_json=$(set -o pipefail; aws --output json sts get-session-token --duration-seconds 86400 --serial-number "arn:aws:iam::$aws_account:mfa/$iam_user" --token-code "$@")
    rv="$?"
    @@ -44,6 +59,6 @@ function aws-creds () {
    fi

    export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
    echo -e "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID\nAWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY\nAWS_SESSION_TOKEN=$AWS_SESSION_TOKEN\nexport AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN"

    echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID; AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY; AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN; export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN"
    }
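Review bot: In the first hunk the new failure message `echo "$pkg: failed to set IAM user: $iam_user"` references `pkg`, which no visible line of this revision assigns (the Aug 22, 2017 revision is the one that adds `local pkg=aws-creds`), and it goes to stdout while the other errors use `1>&2`. Use `echo "aws-creds: failed to set IAM user: $iam_user" 1>&2` here. The `else` branch for `aws_account` also lets the literal placeholder flow into the MFA ARN; a check such as `[[ $aws_account =~ ^[0-9]{12}$ ]] || { echo "aws-creds: AWS_ACCOUNT must be a 12-digit account id" 1>&2; return 11; }` would fail early with a clear message instead of an opaque STS error. Part of the function body lies between the two hunks and is not shown.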
  3. @ddgenome ddgenome revised this gist Sep 22, 2016. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions aws-creds.bash
    @@ -11,6 +11,7 @@ function aws-creds () {
    return 99
    fi

    export -n AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
    # replace USER and 12_DIGIT_ACCOUNT_NUMBER with appropriate values
    local iam_user="USER"
    local aws_account="12_DIGIT_ACCOUNT_NUMBER"
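Review bot: The added `export -n AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN` has no comment saying why the variables are un-exported before the STS call. Presumably it keeps a previous session's temporary credentials out of the `aws` child process so the request is made with the long-term profile credentials; a comment such as `# un-export stale session credentials so the aws call below uses the long-term profile` would record that, if it is the intent. Note that `export -n` leaves the old values set in the shell, so after a failed run they are still present but unexported. The function body continues outside the hunk.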
  4. @ddgenome ddgenome revised this gist Sep 22, 2016. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion aws-creds.bash
    @@ -7,7 +7,7 @@
    # Usage: aws-creds MFA_TOKEN [OTHER_AWS_STS_GET-SESSION-TOKEN_OPTIONS]
    function aws-creds () {
    if [[ ! $1 ]]; then
    echo "aws-creds: missing required argument: TOKEN_CODE" 1>&2
    echo "aws-creds: missing required argument: MFA_TOKEN_CODE" 1>&2
    return 99
    fi

  5. @ddgenome ddgenome revised this gist Sep 14, 2016. 1 changed file with 10 additions and 6 deletions.
    16 changes: 10 additions & 6 deletions aws-creds.bash
    @@ -6,35 +6,39 @@

    # Usage: aws-creds MFA_TOKEN [OTHER_AWS_STS_GET-SESSION-TOKEN_OPTIONS]
    function aws-creds () {
    if [[ ! $1 ]]; then
    echo "aws-creds: missing required argument: TOKEN_CODE" 1>&2
    return 99
    fi

    # replace USER and 12_DIGIT_ACCOUNT_NUMBER with appropriate values
    local iam_user="USER"
    local aws_account="12_DIGIT_ACCOUNT_NUMBER"
    local rv
    local creds_json
    local rv creds_json
    creds_json=$(set -o pipefail; aws --output json sts get-session-token --duration-seconds 86400 --serial-number "arn:aws:iam::$aws_account:mfa/$iam_user" --token-code "$@")
    rv="$?"
    if [[ $rv -ne 0 || ! $creds_json ]]; then
    echo "failed to get credentials: $creds_json"
    echo "aws-creds: failed to get credentials: $creds_json" 1>&2
    return "$rv"
    fi

    local jq="jq --exit-status --raw-output"
    AWS_ACCESS_KEY_ID=$(echo "$creds_json" | $jq .Credentials.AccessKeyId)
    rv="$?"
    if [[ $rv -ne 0 || ! $AWS_ACCESS_KEY_ID ]]; then
    echo "failed to parse output for AWS_ACCESS_KEY_ID: $creds_json"
    echo "aws-creds: failed to parse output for AWS_ACCESS_KEY_ID: $creds_json" 1>&2
    return "$rv"
    fi
    AWS_SECRET_ACCESS_KEY=$(echo "$creds_json" | $jq .Credentials.SecretAccessKey)
    rv="$?"
    if [[ $rv -ne 0 || ! $AWS_SECRET_ACCESS_KEY ]]; then
    echo "failed to parse output for AWS_SECRET_ACCESS_KEY: $creds_json"
    echo "aws-creds: failed to parse output for AWS_SECRET_ACCESS_KEY: $creds_json" 1>&2
    return "$rv"
    fi
    AWS_SESSION_TOKEN=$(echo "$creds_json" | $jq .Credentials.SessionToken)
    rv="$?"
    if [[ $rv -ne 0 || ! $AWS_SESSION_TOKEN ]]; then
    echo "failed to parse output for AWS_SESSION_TOKEN: $creds_json"
    echo "aws-creds: failed to parse output for AWS_SESSION_TOKEN: $creds_json" 1>&2
    return "$rv"
    fi
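Review bot: The new guard `if [[ ! $1 ]]` only rejects an empty first argument, so any non-empty string is passed to STS as the token code. AWS documents the MFA token code as six digits, so a format check such as `[[ $1 =~ ^[0-9]{6}$ ]]` ahead of the call would reject typos and swapped arguments locally, with the same `return 99`, instead of spending a request on them. The function's closing lines are outside this hunk.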

  6. @ddgenome ddgenome revised this gist Sep 13, 2016. 1 changed file with 2 additions and 0 deletions.
    2 changes: 2 additions & 0 deletions aws-creds.bash
    @@ -39,4 +39,6 @@ function aws-creds () {
    fi

    export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN

    echo -e "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID\nAWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY\nAWS_SESSION_TOKEN=$AWS_SESSION_TOKEN\nexport AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN"
    }
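Review bot: The added `echo -e` line prints the secret access key and session token in clear text to stdout on every successful call, where they end up in terminal scrollback and in any log or pipe that captures the function's output. The variables are already exported by the line above it, so the print only serves copying them into another shell; make it opt-in behind a new variable, e.g. `[[ $AWS_CREDS_PRINT ]] && echo -e "..."` (name is a suggestion), or print only `AWS_ACCESS_KEY_ID` as confirmation. The Aug 18, 2017 revision keeps the same print in a one-line form. The start of the function is outside this hunk.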
  7. @ddgenome ddgenome revised this gist Sep 13, 2016. No changes.
  8. @ddgenome ddgenome revised this gist Sep 9, 2016. 1 changed file with 6 additions and 3 deletions.
    9 changes: 6 additions & 3 deletions aws-creds.bash
    @@ -1,7 +1,10 @@
    #!/bin/bash
    # Fetch 24-hour AWS STS session token and set appropriate environment variables
    # you must have jq installed and in your PATH https://stedolan.github.io/jq/
    # usage: aws-creds MFA_TOKEN
    # Fetch 24-hour AWS STS session token and set appropriate environment variables.
    # See http://docs.aws.amazon.com/cli/latest/reference/sts/get-session-token.html .
    # You must have jq installed and in your PATH https://stedolan.github.io/jq/ .
    # Add this function to your .bashrc or save it to a file and source that file from .bashrc .

    # Usage: aws-creds MFA_TOKEN [OTHER_AWS_STS_GET-SESSION-TOKEN_OPTIONS]
    function aws-creds () {
    # replace USER and 12_DIGIT_ACCOUNT_NUMBER with appropriate values
    local iam_user="USER"
  9. @ddgenome ddgenome revised this gist Sep 9, 2016. 1 changed file with 4 additions and 2 deletions.
    6 changes: 4 additions & 2 deletions aws-creds.bash
    @@ -1,9 +1,11 @@
    #!/bin/bash
    # Fetch 24-hour AWS STS session token and set appropriate environment variables
    # you must have jq installed and in your PATH https://stedolan.github.io/jq/
    # usage: aws-creds MFA_TOKEN
    function aws-creds () {
    local iam_user=USER
    local aws_account=12_DIGIT_ACCOUNT_NUMBER
    # replace USER and 12_DIGIT_ACCOUNT_NUMBER with appropriate values
    local iam_user="USER"
    local aws_account="12_DIGIT_ACCOUNT_NUMBER"
    local rv
    local creds_json
    creds_json=$(set -o pipefail; aws --output json sts get-session-token --duration-seconds 86400 --serial-number "arn:aws:iam::$aws_account:mfa/$iam_user" --token-code "$@")
  10. @ddgenome ddgenome created this gist Sep 9, 2016.
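--- a/aws-creds.bash
+++ b/aws-creds.bash
@@ -0,0 +1,37 @@
+#!/bin/bash
+# Fetch 24-hour AWS STS session token and set appropriate environment variables
+# you must have jq installed and in your PATH https://stedolan.github.io/jq/
+function aws-creds () {
+local iam_user=USER
+local aws_account=12_DIGIT_ACCOUNT_NUMBER
+local rv
+local creds_json
+creds_json=$(set -o pipefail; aws --output json sts get-session-token --duration-seconds 86400 --serial-number "arn:aws:iam::$aws_account:mfa/$iam_user" --token-code "$@")
+rv="$?"
+if [[ $rv -ne 0 || ! $creds_json ]]; then
+echo "failed to get credentials: $creds_json"
+return "$rv"
+fi
+
+local jq="jq --exit-status --raw-output"
+AWS_ACCESS_KEY_ID=$(echo "$creds_json" | $jq .Credentials.AccessKeyId)
+rv="$?"
+if [[ $rv -ne 0 || ! $AWS_ACCESS_KEY_ID ]]; then
+echo "failed to parse output for AWS_ACCESS_KEY_ID: $creds_json"
+return "$rv"
+fi
+AWS_SECRET_ACCESS_KEY=$(echo "$creds_json" | $jq .Credentials.SecretAccessKey)
+rv="$?"
+if [[ $rv -ne 0 || ! $AWS_SECRET_ACCESS_KEY ]]; then
+echo "failed to parse output for AWS_SECRET_ACCESS_KEY: $creds_json"
+return "$rv"
+fi
+AWS_SESSION_TOKEN=$(echo "$creds_json" | $jq .Credentials.SessionToken)
+rv="$?"
+if [[ $rv -ne 0 || ! $AWS_SESSION_TOKEN ]]; then
+echo "failed to parse output for AWS_SESSION_TOKEN: $creds_json"
+return "$rv"
+fi
+
+export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
+}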
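Review bot: Each failure branch ends in `return "$rv"`, but the conditions also fire when the command exited 0 with empty output (`! $creds_json`, `! $AWS_ACCESS_KEY_ID`, and so on), and in that case the function reports success without having set usable credentials. Return a non-zero status on that path, e.g. `return $(( rv ? rv : 1 ))`, so that a caller chaining `aws-creds CODE && next-command` cannot proceed after a failed fetch. The three `AWS_*` variables are also assigned one by one before all of them have parsed, so a failure on the second or third leaves a mix of new and old values in the shell; parsing into locals and assigning the globals only after all three succeed would avoid that.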