From f94ed8665b7112c0e3345a4c3cdb256cbd65f4dd Mon Sep 17 00:00:00 2001
From: Joshua David Akers <akers@vt.edu>
Date: Thu, 21 Dec 2023 14:47:40 +0000
Subject: [PATCH] [PLATFORM-2170] add aws_sts_set function

---
 aws-sts-client.sh | 26 +++++++++++---------------
 1 file changed, 11 insertions(+), 15 deletions(-)

diff --git a/aws-sts-client.sh b/aws-sts-client.sh
index 55e1b91..1e44d7f 100644
--- a/aws-sts-client.sh
+++ b/aws-sts-client.sh
@@ -1,19 +1,15 @@
-aws_token_create () {
-
-  if [ -z "$AWS_STS_TIMEOUT" ]
-  then
-        AWS_STS_TIMEOUT=900
-  fi
-
+aws_sts_set () {
+  # Example usage:
+  # aws_sts_do <master-account> <account-to-be-managed> <role-name>
+  # aws_sts_do vtnis-ss 541585145005 NISAdmin
   unset AWS_ACCESS_KEY_ID
   unset AWS_SECRET_ACCESS_KEY
   unset AWS_SESSION_TOKEN
-
+  AWS_ACCOUNT_NUMBER=$2
+  AWS_ROLE_NAME=$3
   export AWS_ACCESS_KEY_ID=$(gpg --quiet -d ${HOME}/.aws/$1_id.asc)
   export AWS_SECRET_ACCESS_KEY=$(gpg --quiet -d ${HOME}/.aws/$1_key.asc)
-
-  token=$(aws sts assume-role --role-arn $AWS_ROLE_ARN --role-session-name $USERNAME-$AWS_ROLE_NAME-workstation --duration-seconds $AWS_STS_TIMEOUT )
-
+  token=$(aws sts assume-role --role-arn "arn:aws:iam::${AWS_ACCOUNT_NUMBER}:role/$AWS_ROLE_NAME" --role-session-name $USER-$AWS_ROLE_NAME-workstation --duration-seconds 3600 )
   unset AWS_ACCESS_KEY_ID
   unset AWS_SECRET_ACCESS_KEY
   unset AWS_SESSION_TOKEN
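Review bot: The usage comment added at the top of aws_sts_set documents a different function (`aws_sts_do`) and embeds a concrete account alias and account id; it should read `# aws_sts_set <master-account> <account-to-be-managed> <role-name>` with the example using placeholders such as `<account-alias>` and `<account-id>` rather than real values. On the assume-role line, `$USER-$AWS_ROLE_NAME-workstation` is unquoted and `USER` is not guaranteed to be set outside a login shell, which produces an empty or malformed session name; the same expression appears in the third hunk at line 59, and both would be safer as `--role-session-name "${USER:-$(id -un)}-${AWS_ROLE_NAME}-workstation"`. The removed aws_token_create honored an `AWS_STS_TIMEOUT` override, whereas the new function hard-codes `--duration-seconds 3600`, four times the 900 that aws_sts_do requests, so the lost configurability and the longer credential lifetime look unintentional and could be restored with `--duration-seconds "${AWS_STS_TIMEOUT:-3600}"`. The function's body continues past this hunk into the next one.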
@@ -22,9 +18,9 @@ aws_token_create () {
   key=$(echo $token | jq --raw-output '.Credentials.SecretAccessKey')
   session_token=$(echo $token | jq --raw-output '.Credentials.SessionToken')
 
-  export AWS_ACCESS_KEY_ID=$id
-  export AWS_SECRET_ACCESS_KEY=$key
-  export AWS_SESSION_TOKEN=$session_token
+  export AWS_ACCESS_KEY_ID=$id \
+  export AWS_SECRET_ACCESS_KEY=$key \
+  export AWS_SESSION_TOKEN=$session_token \
 }
 
 aws_do () {
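Review bot: The trailing backslashes added to the three export lines are line continuations, so bash joins them with the following context line into one command, `export AWS_ACCESS_KEY_ID=$id export AWS_SECRET_ACCESS_KEY=$key export AWS_SESSION_TOKEN=$session_token }`, which fails with "not a valid identifier" for `}` and leaves the function body unterminated when the file is sourced. The fix is to drop the ` \` from each of the three lines so they read as they did before, e.g. `export AWS_ACCESS_KEY_ID=$id`. The header of the enclosing function (aws_sts_set) lies before this hunk; only its closing brace is visible here.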
@@ -43,7 +39,7 @@ aws_sts_do () {
   AWS_ROLE_NAME=$3
   export AWS_ACCESS_KEY_ID=$(gpg --quiet -d ${HOME}/.aws/$1_id.asc)
   export AWS_SECRET_ACCESS_KEY=$(gpg --quiet -d ${HOME}/.aws/$1_key.asc)
-  token=$(aws sts assume-role --role-arn "arn:aws:iam::${AWS_ACCOUNT_NUMBER}:role/$AWS_ROLE_NAME" --role-session-name $USERNAME-$AWS_ROLE_NAME-workstation --duration-seconds 900 )
+  token=$(aws sts assume-role --role-arn "arn:aws:iam::${AWS_ACCOUNT_NUMBER}:role/$AWS_ROLE_NAME" --role-session-name $USER-$AWS_ROLE_NAME-workstation --duration-seconds 900 )
   unset AWS_ACCESS_KEY_ID
   unset AWS_SECRET_ACCESS_KEY
   unset AWS_SESSION_TOKEN
-- 
GitLab