Setting AWS AssumeRole Credential
$ git clone https://github.com/m120/aws-assume_role-cred
make config.rb
$ cp example_config.rb config.rb
$ vi config.rb
$ ruby ./assume_role_cred.rb -a {AWS Acount} -r {Role} -u {username} -m {MFA TOKEN}
-
Example:
- Exec:
$ ruby ./assume_role_cred.rb -a section-01 -r admin -u john.snow -m 12345 [section-01-admin] aws_access_key_id = ASASDFGHJKLQWERTYUI3 aws_secret_access_key = ASdfgHjkLQwwertYUI/zXCVB0NMASFgH2jklQwER role_arn = arn:aws:iam::123456789012:role/adminrole mfa_serial = arn:aws:iam::987654321098:mfa/john.snow region = ap-northeast-1 source_profile = default- Copy result to ~/.aws/credential
$ vi ~/.aws/credential ~ snip ~ [section-01-admin] aws_access_key_id = ASASDFGHJKLQWERTYUI3 aws_secret_access_key = ASdfgHjkLQwwertYUI/zXCVB0NMASFgH2jklQwER role_arn = arn:aws:iam::123456789012:role/adminrole mfa_serial = arn:aws:iam::987654321098:mfa/john.snow region = ap-northeast-1 source_profile = default- Check:
$ aws --prof section-01-admin s3 ls Enter MFA code for arn:aws:iam::987654321098:mfa/john.snow: {MFA Toke} 2019-06-12 06:15:30 examplebuckets -
Options:
$ ruby ./assume_role_cred.rb
Usage: assume_role_cred [options]
-a, --aws_acnt AWS account (Default: default) / AWS Account List: --list_aws_acnt
-r, --role Role (Default: admin) / Role List: --list_role
-u, --user value IAM Username (Require)
-m, --mfa_token integer MFA TokeCode (Require)
--region value AWS Region (Default: ap-northeast-1)
--list_aws_acnt List: AWS Account
--list_role List: Role
- auto append credentialfile