Commit f94ed866 authored 1 year ago by Joshua David Akers
Committed by Joshua Davis Aylor 1 year ago
[PLATFORM-2170] add aws_sts_set function
parent 40f00d1c
1 merge request: !7 [PLATFORM-2170] add aws_sts_set function
Showing 1 changed file with 11 additions and 15 deletions
aws-sts-client.sh +11 −15
aws_token_create
()
{
if
[
-z
"
$AWS_STS_TIMEOUT
"
]
then
AWS_STS_TIMEOUT
=
900
fi
aws_sts_set
()
{
# Example usage:
# aws_sts_do <master-account> <account-to-be-managed> <role-name>
# aws_sts_do vtnis-ss 541585145005 NISAdmin
unset
AWS_ACCESS_KEY_ID
unset
AWS_SECRET_ACCESS_KEY
unset
AWS_SESSION_TOKEN
AWS_ACCOUNT_NUMBER
=
$2
AWS_ROLE_NAME
=
$3
export
AWS_ACCESS_KEY_ID
=
$(
gpg
--quiet
-d
${
HOME
}
/.aws/
$1_id
.asc
)
export
AWS_SECRET_ACCESS_KEY
=
$(
gpg
--quiet
-d
${
HOME
}
/.aws/
$1_key
.asc
)
token
=
$(
aws sts assume-role
--role-arn
$AWS_ROLE_ARN
--role-session-name
$USERNAME
-
$AWS_ROLE_NAME
-workstation
--duration-seconds
$AWS_STS_TIMEOUT
)
token
=
$(
aws sts assume-role
--role-arn
"arn:aws:iam::
${
AWS_ACCOUNT_NUMBER
}
:role/
$AWS_ROLE_NAME
"
--role-session-name
$USER
-
$AWS_ROLE_NAME
-workstation
--duration-seconds
3600
)
unset
AWS_ACCESS_KEY_ID
unset
AWS_SECRET_ACCESS_KEY
unset
AWS_SESSION_TOKEN
...
...
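Review bot: The `aws sts assume-role` call in `aws_sts_set` hard-codes `--duration-seconds 3600` where the replaced line used `$AWS_STS_TIMEOUT` with a default of 900, so the session credentials this function exports into the shell live four times longer and can no longer be shortened by the caller, while `aws_sts_do` still requests 900. Consider keeping the override, for example `--duration-seconds "${AWS_STS_TIMEOUT:-900}"`. The usage comment under `aws_sts_set () {` also still names `aws_sts_do`, and `$2` and `$3` go into the role ARN without a check that they were supplied.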
@@ -22,9 +18,9 @@ aws_token_create () {
key
=
$(
echo
$token
| jq
--raw-output
'.Credentials.SecretAccessKey'
)
session_token
=
$(
echo
$token
| jq
--raw-output
'.Credentials.SessionToken'
)
export
AWS_ACCESS_KEY_ID
=
$id
export
AWS_SECRET_ACCESS_KEY
=
$key
export
AWS_SESSION_TOKEN
=
$session_token
export
AWS_ACCESS_KEY_ID
=
$id
\
export
AWS_SECRET_ACCESS_KEY
=
$key
\
export
AWS_SESSION_TOKEN
=
$session_token
\
}
aws_do
()
{
...
...
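Review bot: The trailing `\` added after each of the three `export` lines at the end of the function is a line continuation when it is the last character on the line, so the three exports and the closing `}` are joined into one `export` command. The `}` is then passed to `export` as a name instead of ending the function, and the body is not closed before `aws_do () {`. Drop the backslashes so each `export` stands on its own line, and quote the values, for example `export AWS_SESSION_TOKEN="$session_token"`.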
@@ -43,7 +39,7 @@ aws_sts_do () {
AWS_ROLE_NAME
=
$3
export
AWS_ACCESS_KEY_ID
=
$(
gpg
--quiet
-d
${
HOME
}
/.aws/
$1_id
.asc
)
export
AWS_SECRET_ACCESS_KEY
=
$(
gpg
--quiet
-d
${
HOME
}
/.aws/
$1_key
.asc
)
token
=
$(
aws sts assume-role
--role-arn
"arn:aws:iam::
${
AWS_ACCOUNT_NUMBER
}
:role/
$AWS_ROLE_NAME
"
--role-session-name
$USER
NAME
-
$AWS_ROLE_NAME
-workstation
--duration-seconds
900
)
token
=
$(
aws sts assume-role
--role-arn
"arn:aws:iam::
${
AWS_ACCOUNT_NUMBER
}
:role/
$AWS_ROLE_NAME
"
--role-session-name
$USER
-
$AWS_ROLE_NAME
-workstation
--duration-seconds
900
)
unset
AWS_ACCESS_KEY_ID
unset
AWS_SECRET_ACCESS_KEY
unset
AWS_SESSION_TOKEN
...
...
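Review bot: The `--role-session-name` value `$USER-$AWS_ROLE_NAME-workstation` in `aws_sts_do` is unquoted and unchecked, while the `--role-arn` next to it is quoted. The session name is what ties the assumed-role session back to a person in the assumed-role ARN and in CloudTrail, so an empty or unset `$USER` yields a name that begins with `-` and loses that attribution. Suggest `--role-session-name "${USER:?}-${AWS_ROLE_NAME}-workstation"` so the call fails early when the variable is missing.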