wrschneider

Reputation: 18770

AWS CLI assume-role followed by other commands

I would like to do something like

aws sts assume-role ... 
aws s3 ... --profile (assumed role from above command)

Is there a good way to get the output of assume-role in a format that can be readily consumed into subsequent AWS CLI commands?

Upvotes: 6

Views: 5757

Answers (1)

jarmod

Reputation: 78573

I'm not aware of an AWS-provided mechanism to take the output of aws sts assume-role and persist it either into your environment variables or as a profile in ~/.aws/credentials.

You can, however, simply assume the role each and every time you invoke the awscli. This will generate new credentials each time, but that's not a problem in my experience. For example, in ~/.aws/config:

[profile qa]
region = us-east-1
role_arn=arn:aws:iam::123456789012:role/s3-ec2-readonly
source_profile=wrschneider

And in ~/.aws/credentials:

[wrschneider]
aws_access_key_id = abc
aws_secret_access_key = xyz

Then you can invoke with the assumed role like this:

  • aws s3 ls --profile qa
  • aws ec2 describe-instances --profile qa

Or simply set/export AWS_PROFILE=qa in your environment and run:

  • aws s3 ls
  • aws ec2 describe-instances

If you don't like that option, there are a few third-party options that will push the STS credentials into your environment:

Upvotes: 5
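For the approach the question asks about (feeding `aws sts assume-role` output into later commands), here is an added example that is not part of the original answer. The function names `creds_to_exports` and `assume_role_env` are hypothetical, and the character check assumes the credential fields contain only base64-style characters.

```shell
#!/bin/sh
# Added example, not from the original post.

# Read one line of three tab-separated fields (the text output of
#   aws sts assume-role --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' --output text
# ) on stdin and print export statements on stdout.
# The body runs in a subshell so no variables leak into the caller.
creds_to_exports() (
  tab=$(printf '\t')
  IFS="$tab" read -r key secret token extra || true

  # Exactly three fields: never export a partial credential set.
  if [ -n "$extra" ]; then
    echo "creds_to_exports: unexpected extra field" >&2
    return 1
  fi

  # The output will be eval'ed, so reject empty fields and anything
  # outside the assumed base64-style alphabet (assumption, see lead-in).
  for v in "$key" "$secret" "$token"; do
    case $v in
      ''|*[!A-Za-z0-9+/=]*)
        echo "creds_to_exports: missing or malformed field" >&2
        return 1 ;;
    esac
  done

  printf "export AWS_ACCESS_KEY_ID='%s'\n" "$key"
  printf "export AWS_SECRET_ACCESS_KEY='%s'\n" "$secret"
  printf "export AWS_SESSION_TOKEN='%s'\n" "$token"
)

# $1 = role ARN, $2 = role session name.
# If the aws call fails it prints nothing, so creds_to_exports fails too.
assume_role_env() {
  aws sts assume-role --role-arn "$1" --role-session-name "$2" \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
    --output text | creds_to_exports
}

# Usage (capture first so a failure is not hidden by eval):
#   exports=$(assume_role_env arn:aws:iam::123456789012:role/s3-ec2-readonly cli-session) \
#     && eval "$exports" && aws s3 ls
```

The exported values are temporary credentials that live in the current shell's environment until they expire or the shell exits, so avoid running this in a shell whose environment is logged or inherited by untrusted processes.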
