Script that issues an STS session token using one AWS profile's credentials and stores the result as the credentials of another AWS profile
#!/bin/bash

# Name this script was invoked as; interpolated into the help text.
script_name="$(basename "$0")"

# Terminal control sequences used to emphasise the help section headings.
text_bold="$(tput bold)"
text_normal="$(tput sgr0)"
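#######################################
# Print the usage text.
# On an interactive terminal the text is paged through less (-R so the bold
# sequences render instead of showing as raw escapes); otherwise it is written
# straight to stdout so the output can be piped or captured.
# Globals:   script_name, text_bold, text_normal (read)
# Arguments: none
# Outputs:   usage text on stdout
#######################################
showHelp() {
  local -a pager=(cat)
  if [ -t 1 ] && command -v less >/dev/null 2>&1; then
    pager=(less -R)
  fi

  "${pager[@]}" <<EOF
${script_name}

${text_bold}DESCRIPTION${text_normal}
    Issue an STS session token using the credentials of one AWS profile
    (--profile-mfa) and store the resulting temporary credentials under
    another AWS profile (--profile-set, "default" when omitted).

    The temporary credentials are written with 'aws configure set' and
    replace whatever credentials the target profile already holds, so keep
    the long-term access key in a different profile than --profile-set.

    When --token-code is omitted the script prompts for it.

    See '${script_name} help' for descriptions of global parameters.

${text_bold}SYNOPSIS${text_normal}
    ${script_name}
        [--profile-mfa <value>]
        [--profile-set <value>]
        [--duration-seconds <value>]
        [--serial-number <value>]
        [--token-code <mfa-code>]

${text_bold}EXAMPLES${text_normal}
    Issue a STS token using example.mfa profile to set the example profile

    $ ${script_name} --profile-mfa example.mfa --profile-set example --duration-seconds 129600 --serial-number arn:aws:iam::000000000000:mfa/iam_user

    $ ${script_name} --profile-mfa example.mfa --profile-set example --duration-seconds 129600 --serial-number arn:aws:iam::000000000000:mfa/iam_user --token-code 000000

${script_name}
EOF
}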
# Without any arguments there is nothing to act on: print the usage text
# and report failure.
if [ "$#" -eq 0 ]; then
  showHelp
  exit 1
fi
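# Parse the command line.
# Every option takes exactly one value. The loop runs on the argument count
# rather than on "$1" being non-empty, so an empty argument no longer ends
# parsing silently and drops whatever follows it; an option given as the last
# word without its value is reported instead of being accepted as empty.
while [ "$#" -gt 0 ]; do
  case "$1" in
    --profile-mfa | --profile-set | --duration-seconds | --serial-number | --token-code)
      if [ "$#" -lt 2 ]; then
        printf '%s: option %s requires a value\n' "${script_name:-$0}" "$1" >&2
        exit 1
      fi
      case "$1" in
        --profile-mfa) profile_mfa=$2 ;;
        --profile-set) profile_set=$2 ;;
        --duration-seconds) duration_seconds=$2 ;;
        --serial-number) serial_number=$2 ;;
        --token-code) token_code=$2 ;;
      esac
      shift 2
      ;;
    help | --help | -h)
      showHelp
      exit 0
      ;;
    *)
      # Unknown option or stray positional argument.
      showHelp
      exit 1
      ;;
  esac
done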
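# The temporary credentials are stored under the "default" profile unless
# --profile-set names another one.
# NOTE(review): when --profile-mfa is omitted as well, the default profile both
# supplies the credentials for the STS call and is then overwritten with the
# temporary ones; confirm that is intended before relying on the default.
profile_set=${profile_set:-default}

# Ask for the MFA code interactively when it was not given on the command line.
if [ -z "${token_code}" ]; then
  printf 'Enter token code: '
  read -r token_code
  if [ -z "${token_code}" ]; then
    printf '%s\n' '--token-code is required' >&2
    exit 1
  fi
fi

# The code ends up on the aws command line that the script builds next, so
# accept digits only and reject anything else before it gets there.
case "${token_code}" in
  *[!0-9]*)
    printf '%s\n' '--token-code must contain only digits' >&2
    exit 1
    ;;
esac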
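# Request the temporary credentials from STS.
# The arguments are collected in an array and passed to aws directly. The
# previous version concatenated the user-supplied option values into a string
# and ran it through eval, so whitespace or shell metacharacters in any value
# were re-parsed by the shell (command injection). With an array each value
# reaches aws as exactly one argument.
sts_args=(
  sts get-session-token
  --output text
  --query '*.[AccessKeyId,SecretAccessKey,SessionToken]'
)
if [ -n "${profile_mfa}" ]; then
  sts_args+=(--profile "${profile_mfa}")
fi
if [ -n "${duration_seconds}" ]; then
  sts_args+=(--duration-seconds "${duration_seconds}")
fi
if [ -n "${serial_number}" ]; then
  sts_args+=(--serial-number "${serial_number}")
fi
if [ -n "${token_code}" ]; then
  sts_args+=(--token-code "${token_code}")
fi

# result holds "AccessKeyId SecretAccessKey SessionToken" in text output form.
result=$(aws "${sts_args[@]}") || exit 1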
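# Split the whitespace-separated text output into its three fields; the
# trailing "_" absorbs anything after the third field.
read -r access_key_id secret_access_key session_token _ <<<"${result}"

# Refuse to overwrite the target profile with partial or empty credentials.
# The raw output is deliberately not echoed, since it may contain secrets.
if [ -z "${access_key_id}" ] || [ -z "${secret_access_key}" ] ||
  [ -z "${session_token}" ]; then
  printf '%s\n' 'unexpected output from aws sts get-session-token' >&2
  exit 1
fi

# Store the temporary credentials under the target profile. All expansions are
# quoted so the values are passed through unchanged, and a failed write stops
# the script instead of being reported as success.
# NOTE(review): 'aws configure set' takes each value as a command-line
# argument, so the secrets may be briefly visible to other local users in the
# process list, and they are stored unencrypted in the AWS CLI configuration.
aws configure set "profile.${profile_set}.aws_access_key_id" "${access_key_id}" || exit 1
aws configure set "profile.${profile_set}.aws_secret_access_key" "${secret_access_key}" || exit 1
aws configure set "profile.${profile_set}.aws_session_token" "${session_token}" || exit 1

exit 0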