
Assumer un rôle#

Exemple pour assumer un nouveau rôle

Références#

Exemple#

Bash
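# Variables
ROLE_ARN="arn:aws:iam::123456789012:role/YourRoleName"
# The session name is recorded with the assumed-role session (e.g. in CloudTrail),
# so choose a value that identifies who or what is assuming the role.
ROLE_SESSION_NAME="YourSessionName"

# Assume the role.
# The exports below only reach the calling shell when this snippet is sourced;
# run as a standalone script they disappear when the process ends.
if ASSUME_ROLE_OUTPUT=$(aws sts assume-role --role-arn "$ROLE_ARN" --role-session-name "$ROLE_SESSION_NAME"); then
    # Extract the credentials. Assignment is kept separate from `export` so a
    # failing jq is not hidden behind export's own exit status, and the JSON is
    # passed quoted so the shell cannot word-split or glob-expand it.
    AWS_ACCESS_KEY_ID=$(jq -r '.Credentials.AccessKeyId' <<<"$ASSUME_ROLE_OUTPUT")
    AWS_SECRET_ACCESS_KEY=$(jq -r '.Credentials.SecretAccessKey' <<<"$ASSUME_ROLE_OUTPUT")
    AWS_SESSION_TOKEN=$(jq -r '.Credentials.SessionToken' <<<"$ASSUME_ROLE_OUTPUT")

    # Export the credentials. ASSUME_ROLE_OUTPUT still holds the secret key and
    # session token in this shell; `unset ASSUME_ROLE_OUTPUT` once it is no longer needed.
    export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN

    # Output the assumed role details (never the credentials themselves)
    echo "Assumed role: $ROLE_ARN"
    echo "Session name: $ROLE_SESSION_NAME"
else
    # Leave the existing AWS_* variables untouched rather than exporting empty
    # or "null" values, and do not report a role that was never assumed.
    echo "aws sts assume-role failed for $ROLE_ARN; credentials left unchanged" >&2
fi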
Python
import boto3
import os

# Variables
ROLE_ARN = "arn:aws:iam::123456789012:role/YourRoleName"
# The session name is recorded with the assumed-role session (e.g. in CloudTrail),
# so choose a value that identifies who or what is assuming the role.
ROLE_SESSION_NAME = "YourSessionName"

# Assume the role: STS answers with temporary credentials for ROLE_ARN.
client = boto3.client("sts")
response = client.assume_role(RoleArn=ROLE_ARN, RoleSessionName=ROLE_SESSION_NAME)

# Extract the credentials. These are secrets: keep them out of logs and output.
# The response also carries an 'Expiration' timestamp, unused here.
credentials = response["Credentials"]
AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN = (
    credentials[field]
    for field in ("AccessKeyId", "SecretAccessKey", "SessionToken")
)

# Export the credentials as environment variables. This affects the current
# process and the child processes it starts, not the shell that launched it.
# NOTE(review): boto3's default session has already been created by the
# boto3.client() call above, so clients built from it later may keep the
# original credentials. Confirm, or pass these values to boto3.Session(...).
os.environ.update(
    AWS_ACCESS_KEY_ID=AWS_ACCESS_KEY_ID,
    AWS_SECRET_ACCESS_KEY=AWS_SECRET_ACCESS_KEY,
    AWS_SESSION_TOKEN=AWS_SESSION_TOKEN,
)

# Output the assumed role details (never the credentials themselves)
print("Assumed role:", ROLE_ARN)
print("Session name:", ROLE_SESSION_NAME)
Bash
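#######################################
# Assume the IAM role named by ASSUMEROLE and export its temporary credentials.
# Globals:   ASSUMEROLE (read) - ARN of the role to assume; empty/unset = no-op
#            AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN,
#            AWS_SECURITY_TOKEN (written and exported on success only)
# Arguments: none
# Outputs:   an error message on stderr when the role cannot be assumed
# Returns:   0 on success or when ASSUMEROLE is empty, 1 on failure
#######################################
function setup_aws_credentials() {
    local stscredentials session_token access_key_id secret_access_key

    # No role requested: keep whatever credentials the environment already has.
    if [[ -z "${ASSUMEROLE:-}" ]]; then
        return 0
    fi

    # NOTE(review): the session name is fixed to "something"; it is recorded
    # with the assumed-role session, so a caller-specific value would make the
    # session easier to attribute when auditing.
    if ! stscredentials=$(aws sts assume-role \
        --role-arn "${ASSUMEROLE}" \
        --role-session-name something \
        --query '[Credentials.SessionToken,Credentials.AccessKeyId,Credentials.SecretAccessKey]' \
        --output text); then
        # Fail loudly instead of exporting empty values over working credentials.
        echo "setup_aws_credentials: aws sts assume-role failed for ${ASSUMEROLE}" >&2
        return 1
    fi

    # --output text prints the three queried fields on one whitespace-separated
    # line, in the order given to --query: token, access key id, secret key.
    IFS=$' \t' read -r session_token access_key_id secret_access_key <<<"${stscredentials}"

    if [[ -z "${session_token}" || -z "${access_key_id}" || -z "${secret_access_key}" ]]; then
        echo "setup_aws_credentials: incomplete credentials returned for ${ASSUMEROLE}" >&2
        return 1
    fi

    AWS_ACCESS_KEY_ID=${access_key_id}
    AWS_SECRET_ACCESS_KEY=${secret_access_key}
    AWS_SESSION_TOKEN=${session_token}
    # Same token under the older variable name, as the original snippet exports it.
    AWS_SECURITY_TOKEN=${session_token}
    export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN AWS_SECURITY_TOKEN
}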