Add assume role script for aws
erikburgess authored and hangxie committed Mar 19, 2021
1 parent 1a0c620 commit e571ede
Showing 2 changed files with 38 additions and 2 deletions.
4 changes: 2 additions & 2 deletions files/provision.sh
@@ -213,13 +213,13 @@ function layer_install_python_based_utils_and_libs() {
'python-octaviaclient==2.0.0' \
'python-openstackclient==4.0.0' \
'pyvmomi==6.7.3' \
'pyyaml==3.13' \
'pyyaml==5.1' \
'requests==2.23.0' \
'sh==1.12.14' \
'sshuttle==0.78.5' \
'structlog==20.1.0' \
'urllib3==1.25.8' \
'virtualenv==20.0.4' \
'virtualenv==20.0.8' \
'yamllint==1.20.0' \
'yapf' \
'yq' && \
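--- a/files/usr/local/bin/assume-role
+++ b/files/usr/local/bin/assume-role
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash -x
+
+aws_account_id=${1:-""}
+aws_assume_role=${2:-""}
+aws_role_session=${3:-${USER}}-"$aws_assume_role"
+
+unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
+
+if [ -z "$aws_account_id" ]
+then
+echo "Missing account_id"
+usage()
+fi
+
+if [ -z "$aws_assume_role" ]
+then
+echo "Missing assume_role"
+usage()
+fi
+
+credentials=$(aws sts assume-role \
+--role-arn arn:aws:iam::${aws_account_id}:role/${aws_assume_role} \
+--role-session-name ${aws_role_session}\@cisco.com \
+--query Credentials --output=json)
+
+
+export AWS_ACCESS_KEY_ID=$(echo $credentials | jq -r '.AccessKeyId')
+export AWS_SECRET_ACCESS_KEY=$(echo $credentials | jq -r '.SecretAccessKey')
+export AWS_SESSION_TOKEN=$(echo $credentials | jq -r '.SessionToken')
+
+
+usage() {
+echo "assume-role <account_id> <assume_role> (session_name)\n"
+echo "Required: account_id, assume_role\n"
+echo 'Optional: session_name '
+}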
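Review bot: The shebang `#!/usr/bin/env bash -x` asks for xtrace in a script that handles STS credentials; where the option takes effect, `echo $credentials` and the three `export` lines are traced to stderr with the secret access key and session token expanded. On Linux the kernel passes `bash -x` to `env` as one argument, so the script typically does not start at all. `usage()` inside the two `if` blocks is the start of a function definition, not a call, so bash reports a syntax error at `fi`; it should be a plain `usage` followed by a non-zero exit, with the function defined above the checks. Nothing verifies that `aws sts assume-role` succeeded before `jq` runs, and the ARN and session-name expansions are unquoted. The exports reach the caller's shell only if the file is sourced, which the commit does not state; if sourcing is intended, the failure paths should use `return` rather than `exit`.

```shell
#!/usr/bin/env bash
# xtrace stays off: every value handled below is a credential

usage() {
  # … unchanged: usage text …
}

if [ -z "$aws_account_id" ]; then
  echo "Missing account_id" >&2
  usage
  exit 1
fi
# … same pattern for aws_assume_role …

credentials=$(aws sts assume-role \
  --role-arn "arn:aws:iam::${aws_account_id}:role/${aws_assume_role}" \
  --role-session-name "${aws_role_session}@cisco.com" \
  --query Credentials --output=json) || exit 1
# … unchanged: jq extraction and exports …
```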
