├── .github └── workflows │ └── linting.yml ├── .editorconfig ├── LICENSE.md ├── Makefile ├── README.md └── aws-export-assume-profile /.github/workflows/linting.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | name: linting 4 | on: 5 | pull_request: 6 | push: 7 | branches: 8 | - master 9 | tags: 10 | 11 | jobs: 12 | lint: 13 | runs-on: ubuntu-latest 14 | strategy: 15 | fail-fast: False 16 | matrix: 17 | target: 18 | - Linting 19 | name: "[ Lint: ${{ matrix.target }} ]" 20 | steps: 21 | - name: Checkout repository 22 | uses: actions/checkout@v2 23 | 24 | - name: Lint files 25 | run: | 26 | make lint-files 27 | 28 | - name: Lint shell 29 | run: | 30 | make lint-shell 31 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # top-most EditorConfig file 2 | root = true 3 | 4 | # Default for all files 5 | [*] 6 | charset = utf-8 7 | end_of_line = lf 8 | indent_style = space 9 | indent_size = 4 10 | insert_final_newline = true 11 | trim_trailing_whitespace = true 12 | 13 | # Custom files 14 | [*.py] 15 | indent_style = space 16 | indent_size = 4 17 | 18 | [.sh}] 19 | indent_style = space 20 | indent_size = 4 21 | 22 | [Makefile] 23 | indent_style = tab 24 | indent_size = 4 25 | 26 | [*.{yml,yaml}] 27 | indent_style = space 28 | indent_size = 2 29 | 30 | [*.md] 31 | indent_style = space 32 | indent_size = 2 33 | trim_trailing_whitespace = false 34 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 cytopia 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | ifneq (,) 2 | .error This Makefile requires GNU Make. 3 | endif 4 | 5 | 6 | # ------------------------------------------------------------------------------------------------- 7 | # Default configuration 8 | # ------------------------------------------------------------------------------------------------- 9 | CURRENT_DIR = $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) 10 | 11 | # shellcheck 12 | SC_IMAGE = koalaman/shellcheck 13 | SC_VERSION = stable 14 | 15 | # file lint 16 | FL_IMAGE = cytopia/file-lint 17 | FL_VERSION = 0.4 18 | FL_IGNORES = .git/,.github/ 19 | 20 | BIN_DIR = /usr/local/bin 21 | 22 | 23 | # ------------------------------------------------------------------------------------------------- 24 | # Default target 25 | # ------------------------------------------------------------------------------------------------- 26 | .PHONY: help 27 | help: 28 | @echo "lint Lint files" 29 | @echo "install Install aws-export-assume-profile to $(BIN_DIR)" 30 | @echo "uninstall Remove aws-export-assume-profile from $(BIN_DIR)" 31 | 32 | 33 | # ------------------------------------------------------------------------------------------------- 34 | # Install target 35 | # ------------------------------------------------------------------------------------------------- 36 | .PHONY: install 37 | install: 38 | install -m 755 aws-export-assume-profile $(BIN_DIR)/aws-export-assume-profile 39 | 40 | .PHONY: uninstall 41 | uninstall: 42 | rm $(BIN_DIR)/aws-export-assume-profile 43 | 44 | 45 | # ------------------------------------------------------------------------------------------------- 46 | # Lint target 47 | # ------------------------------------------------------------------------------------------------- 48 | .PHONY: lint 49 | lint: lint-files 50 | lint: lint-shell 51 | 52 | .PHONY: lint-files 53 | lint-files: _pull-fl 54 | @# Lint all files 55 | @echo "################################################################################" 56 | @echo "# File lint" 57 | @echo "################################################################################" 58 | @docker run --rm $$(tty -s && echo "-it" || echo) -v $(CURRENT_DIR):/data $(FL_IMAGE):$(FL_VERSION) file-cr --text --ignore '$(FL_IGNORES)' --path . 59 | @docker run --rm $$(tty -s && echo "-it" || echo) -v $(CURRENT_DIR):/data $(FL_IMAGE):$(FL_VERSION) file-crlf --text --ignore '$(FL_IGNORES)' --path . 60 | @docker run --rm $$(tty -s && echo "-it" || echo) -v $(CURRENT_DIR):/data $(FL_IMAGE):$(FL_VERSION) file-trailing-single-newline --text --ignore '$(FL_IGNORES)' --path . 61 | @docker run --rm $$(tty -s && echo "-it" || echo) -v $(CURRENT_DIR):/data $(FL_IMAGE):$(FL_VERSION) file-trailing-space --text --ignore '$(FL_IGNORES)' --path . 62 | @docker run --rm $$(tty -s && echo "-it" || echo) -v $(CURRENT_DIR):/data $(FL_IMAGE):$(FL_VERSION) file-utf8 --text --ignore '$(FL_IGNORES)' --path . 63 | @docker run --rm $$(tty -s && echo "-it" || echo) -v $(CURRENT_DIR):/data $(FL_IMAGE):$(FL_VERSION) file-utf8-bom --text --ignore '$(FL_IGNORES)' --path . 64 | @echo 65 | 66 | .PHONY: lint-shell 67 | lint-shell: _pull-sc 68 | @# Lint all Shell files 69 | @echo "################################################################################" 70 | @echo "# Shellcheck" 71 | @echo "################################################################################" 72 | @if docker run --rm $$(tty -s && echo "-it" || echo) \ 73 | -v "${CURRENT_DIR}:/mnt" \ 74 | -w /mnt \ 75 | $(SC_IMAGE):$(SC_VERSION) --shell=bash aws-export-assume-profile; then \ 76 | echo "OK"; \ 77 | else \ 78 | echo "Failed"; \ 79 | exit 1; \ 80 | fi; 81 | @echo 82 | 83 | 84 | # ------------------------------------------------------------------------------------------------- 85 | # Helper Targets 86 | # ------------------------------------------------------------------------------------------------- 87 | .PHONY: _pull-fl 88 | _pull-fl: 89 | docker pull $(FL_IMAGE):$(FL_VERSION) 90 | 91 | .PHONY: _pull-sc 92 | _pull-sc: 93 | docker pull $(SC_IMAGE):$(SC_VERSION) 94 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # aws-export-assume-profile 2 | 3 | `aws-export-assume-profile` is a bash script that will output AWS export statements of your chosen aws profile. In case you have to manage multiple AWS accounts that rely on different profiles, you can *activate* a chosen profile by making it available in your shell environment. 4 | 5 | This tool requires `aws` cli and retrieves credentials via `aws sts assume-role`. If you are looking for a way to export profiles already present in `~/.aws/credentials` have a look at **[aws-export-profile](https://github.com/cytopia/aws-export-profile)**. 6 | 7 | [![Build Status](https://github.com/cytopia/aws-export-assume-profile/workflows/linting/badge.svg)](https://github.com/cytopia/aws-export-assume-profile/actions?workflow=linting) 8 | ![Release](https://img.shields.io/github/release/cytopia/aws-export-assume-profile.svg) 9 | 10 | **Note:** Wrap the command in **`$(aws-export-assume-profile)`** to actually export your profiled environment variables. 11 | 12 | 13 | ## :question: But why? 14 | 15 | Most AWS related tools support profiles out of the box, such as the `aws-cli` (Example: `aws ec2 --profile `). However sometimes it is required to have your chosen aws profile available as shell variables. One of the use cases is when you use Docker and want a specific login available inside your container.: 16 | ```bash 17 | # Export staging aws profile 18 | user> $(aws-export-assume-profile staging) 19 | 20 | # Make AWS login available inside your Docker container 21 | user> docker run --rm -it \ 22 | --env AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID \ 23 | --env AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY \ 24 | --env AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION \ 25 | my-aws-docker 26 | ``` 27 | 28 | 29 | ## :arrow_forward: Available exports 30 | 31 | The following export variables are currently supported. 32 | 33 | | Variable | Description | 34 | |------------------------|-------------| 35 | | `AWS_ACCESS_KEY` | Access key | 36 | | `AWS_ACCESS_KEY_ID` | Alternative name for `AWS_ACCESS_KEY`| 37 | | `AWS_SECRET_KEY` | Secret key | 38 | | `AWS_SECRET_ACCESS_KEY`| Alternative name for `AWS_SECRET_KEY`| 39 | | `AWS_SESSION_TOKEN` | Session token | 40 | | `AWS_DELEGATION_TOKEN` | Alternative name for `AWS_SESSION_TOKEN` | 41 | | `AWS_SECURITY_TOKEN` | Secret token (unset only) | 42 | | `AWS_DEFAULT_REGION` | Region | 43 | 44 | > https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html 45 | 46 | 47 | 48 | ## :tada: Installation 49 | ```bash 50 | sudo make install 51 | ``` 52 | 53 | 54 | ## :bulb: Examples 55 | 56 | This tool simply output the exports to stdout. In order to auto-source them, wrap the command in **`$(...)`**. 57 | 58 | #### AWS profile `testing` 59 | 60 | ```bash 61 | user> aws-export-assume-profile testing 62 | 63 | export AWS_ACCESS_KEY_ID="XXXXXXXXXXXXXXXXXXXX" 64 | export AWS_ACCESS_KEY="XXXXXXXXXXXXXXXXXXXX" 65 | export AWS_SECRET_ACCESS_KEY="A1Bc/XXXXXXXXXXXXXXXXXXXXXXXXXXX" 66 | export AWS_SECRET_KEY="A1Bc/XXXXXXXXXXXXXXXXXXXXXXXXXXX" 67 | export AWS_DEFAULT_REGION="eu-central-1" 68 | ``` 69 | 70 | #### AWS profile `testing` with custom paths 71 | 72 | ```bash 73 | user> aws-export-assume-profile deploy /jenkins/aws/config 74 | 75 | export AWS_ACCESS_KEY_ID="XXXXXXXXXXXXXXXXXXXX" 76 | export AWS_ACCESS_KEY="XXXXXXXXXXXXXXXXXXXX" 77 | export AWS_SECRET_ACCESS_KEY="A1Bc/XXXXXXXXXXXXXXXXXXXXXXXXXXX" 78 | export AWS_SECRET_KEY="A1Bc/XXXXXXXXXXXXXXXXXXXXXXXXXXX" 79 | export AWS_DEFAULT_REGION="eu-central-1" 80 | ``` 81 | 82 | #### AWS profile `production` with more exports 83 | ```bash 84 | user> aws-export-assume-profile production 85 | 86 | export AWS_ACCESS_KEY_ID="XXXXXXXXXXXXXXXXXXXX" 87 | export AWS_ACCESS_KEY="XXXXXXXXXXXXXXXXXXXX" 88 | export AWS_SECRET_ACCESS_KEY="A1Bc/XXXXXXXXXXXXXXXXXXXXXXXXXXX" 89 | export AWS_SECRET_KEY="A1Bc/XXXXXXXXXXXXXXXXXXXXXXXXXXX" 90 | export AWS_SESSION_TOKEN="XXXXXXXXXXXXXXXXx/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXX=" 91 | export AWS_DEFAULT_REGION="eu-central-1" 92 | ``` 93 | 94 | #### Export AWS profile `production` 95 | ```bash 96 | user> $(aws-export-assume-profile production) 97 | 98 | # Validate 99 | user> env | grep AWS_ 100 | 101 | AWS_ACCESS_KEY_ID="XXXXXXXXXXXXXXXXXXXX" 102 | AWS_ACCESS_KEY="XXXXXXXXXXXXXXXXXXXX" 103 | AWS_SECRET_ACCESS_KEY="A1Bc/XXXXXXXXXXXXXXXXXXXXXXXXXXX" 104 | AWS_SECRET_KEY="A1Bc/XXXXXXXXXXXXXXXXXXXXXXXXXXX" 105 | AWS_SESSION_TOKEN="XXXXXXXXXXXXXXXXx/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXX=" 106 | AWS_DEFAULT_REGION="eu-central-1" 107 | ``` 108 | 109 | #### Unset all AWS_ variables 110 | ```bash 111 | user> $(aws-export-assume-profile -u) 112 | ``` 113 | 114 | 115 | ## :computer: Usage 116 | 117 | ```bash 118 | Usage: aws-export-assume-profile [profile] [config] 119 | aws-export-assume-profile --unset, -u 120 | aws-export-assume-profile --help, -h 121 | aws-export-assume-profile --version, -v 122 | 123 | This bash helper will output AWS export statements of your chosen aws profile. 124 | Wrap this script in $(aws-export-assume-profile) to export those environment variables. 125 | 126 | Optional parameter: 127 | [profile] AWS profile name to export. Default is 'default' 128 | [config] Path to your aws config file. 129 | If no config file is found, AWS_DEFAULT_REGION export will not be available. 130 | Default is ~/.aws/config 131 | 132 | Arguments: 133 | --unset, -u Unset currently set AWS variables from env 134 | --help, -h Show this help screen 135 | --version, -v Show version 136 | 137 | Available exports: 138 | AWS_ACCESS_KEY_ID 139 | AWS_ACCESS_KEY 140 | AWS_SECRET_ACCESS_KEY 141 | AWS_SECRET_KEY 142 | AWS_SESSION_TOKEN 143 | AWS_DELEGATION_TOKEN 144 | AWS_SECURITY_TOKEN (unset only) 145 | AWS_DEFAULT_REGION 146 | 147 | Examples to show output: 148 | aws-export-assume-profile testing 149 | aws-export-assume-profile production /jenkins/aws/config 150 | 151 | Examples to export: 152 | $(aws-export-assume-profile testing) 153 | $(aws-export-assume-profile production /jenkins/aws/config) 154 | 155 | Examples to unset all AWS variables 156 | $(aws-export-assume-profile -u) 157 | 158 | MIT License 159 | Copyright (c) 2019 cytopia 160 | https://github.com/cytopia/aws-export-assume-profile 161 | ``` 162 | 163 | 164 | ## :page_facing_up: License 165 | 166 | **[MIT License](LICENSE.md)** 167 | 168 | Copyright (c) 2019 [cytopia](https://github.com/cytopia) 169 | -------------------------------------------------------------------------------- /aws-export-assume-profile: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Be strict 4 | set -e 5 | set -u 6 | set -o pipefail 7 | 8 | 9 | # -------------------------------------------------------------------------------- 10 | # VARIABLES 11 | # -------------------------------------------------------------------------------- 12 | 13 | ### 14 | ### 15 | ### 16 | APP_VERSION="v0.4" 17 | APP_DATE="2023-11-01" 18 | APP_NAME="aws-export-assume-profile" 19 | 20 | 21 | ### 22 | ### User input 23 | ### 24 | PROFILE="${1:-default}" 25 | CONFIG="${2:-${HOME}/.aws/config}" 26 | 27 | 28 | ### 29 | ### Will be populated from AWS profile 30 | ### 31 | ROLE_ARN= 32 | SOURCE_PROFILE= 33 | REGION= 34 | DURATION_SECONDS=3600 35 | 36 | 37 | # -------------------------------------------------------------------------------- 38 | # FUNCTIONS 39 | # -------------------------------------------------------------------------------- 40 | 41 | ### 42 | ### Return bash compatible unsets to remove AWS env variables 43 | ### 44 | function unset_environment { 45 | echo "unset AWS_ACCESS_KEY_ID" 46 | echo "unset AWS_ACCESS_KEY" 47 | echo "unset AWS_SECRET_ACCESS_KEY" 48 | echo "unset AWS_SECRET_KEY" 49 | echo "unset AWS_SESSION_TOKEN" 50 | echo "unset AWS_DELEGATION_TOKEN" 51 | echo "unset AWS_SECURITY_TOKEN" 52 | echo "unset AWS_DEFAULT_REGION" 53 | } 54 | 55 | 56 | ### 57 | ### Extract value from aws sts assume-role JSON output 58 | ### 59 | ### @param str sts-assume-role JSON output 60 | ### @param key JSON key to get value for 61 | ### @outputs value for JSON key 62 | ### 63 | function json_get_key { 64 | local str="${1}" 65 | local key="${2}" 66 | 67 | echo "${str}" \ 68 | | grep "\"${key}\"" \ 69 | | awk -F':' '{print $2}' \ 70 | | awk -F'"' '{print $2}' 71 | } 72 | 73 | 74 | ### 75 | ### Remove leading and trailing whitespace 76 | ### 77 | ### @param str String to trim 78 | ### @outputs Trimmed string 79 | ### 80 | function trim { 81 | local var="${1}" 82 | # remove leading whitespace characters 83 | var="${var#"${var%%[![:space:]]*}"}" 84 | # remove trailing whitespace characters 85 | var="${var%"${var##*[![:space:]]}"}" 86 | printf '%s' "${var}" 87 | } 88 | 89 | 90 | ### 91 | ### Extract AWS profile information 92 | ### 93 | ### @param config Path to .aws/config 94 | ### @param profile Name of AWS profile 95 | ### @returns Success if profile was found, otherwise failure 96 | ### 97 | function extract_aws_profile { 98 | local config="${1}" 99 | local profile="${2}" 100 | 101 | local regex_profile_start="^[[:space:]]*\[[[:space:]]*profile[[:space:]][[:space:]]*${profile}[[:space:]]*\][[:space:]]*\$" 102 | local regex_profile_end="^[[:space:]]*\[" 103 | local start=0 104 | local end=0 105 | 106 | if [ "${profile}" = "default" ]; then 107 | regex_profile_start="^[[:space:]]*\[[[:space:]]*default[[:space:]]*\][[:space:]]*\$" 108 | fi 109 | 110 | while read -r line; do 111 | # Find the start of the profile 112 | if [[ "${line}" =~ ${regex_profile_start} ]]; then 113 | start=1 114 | continue 115 | fi 116 | # Find the end of the profile 117 | if [ "${start}" -eq "1" ]; then 118 | if [[ "${line}" =~ ${regex_profile_end} ]]; then 119 | end=1 120 | break 121 | fi 122 | fi 123 | # In profile 124 | if [ "${start}" -eq "1" ] && [ "${end}" -eq "0" ]; then 125 | # Get RoleArn 126 | if [[ "${line}" =~ ^[[:space:]]*role_arn[[:space:]]*= ]]; then 127 | ROLE_ARN="${line#*=}" 128 | ROLE_ARN="$( trim "${ROLE_ARN}" )" 129 | fi 130 | # Get Source Profile 131 | if [[ "${line}" =~ ^[[:space:]]*source_profile[[:space:]]*= ]]; then 132 | SOURCE_PROFILE="${line#*=}" 133 | SOURCE_PROFILE="$( trim "${SOURCE_PROFILE}" )" 134 | fi 135 | # Get Region 136 | if [[ "${line}" =~ ^[[:space:]]*region[[:space:]]*= ]]; then 137 | REGION="${line#*=}" 138 | REGION="$( trim "${REGION}" )" 139 | fi 140 | # Get Login duration 141 | if [[ "${line}" =~ ^[[:space:]]*duration_seconds[[:space:]]*= ]]; then 142 | DURATION_SECONDS="${line#*=}" 143 | DURATION_SECONDS="$( trim "${DURATION_SECONDS}" )" 144 | fi 145 | fi 146 | done < "${config}" 147 | 148 | # Return 1 if no profile was found 149 | if [ "${start}" -eq "0" ]; then 150 | return 1 151 | fi 152 | } 153 | 154 | 155 | # -------------------------------------------------------------------------------- 156 | # ENTRYPOINT 157 | # -------------------------------------------------------------------------------- 158 | 159 | ### 160 | ### Evalute user input 161 | ### 162 | if [ "${#}" -gt "0" ]; then 163 | case "${1}" in 164 | -u|--unset) 165 | unset_environment 166 | exit 0 167 | ;; 168 | 169 | -v|--version) 170 | cat << EOF 171 | ${APP_NAME}: Version ${APP_VERSION} (${APP_DATE}) 172 | EOF 173 | exit 0 174 | ;; 175 | 176 | -h|--help) 177 | cat << EOF 178 | Usage: ${APP_NAME} [profile] [config] 179 | ${APP_NAME} --unset, -u 180 | ${APP_NAME} --help, -h 181 | ${APP_NAME} --version, -v 182 | 183 | This bash helper will output AWS export statements of your chosen aws profile. 184 | Wrap this script in \$(${APP_NAME}) to export those environment variables. 185 | 186 | Optional parameter: 187 | [profile] AWS profile name to export. Default is 'default' 188 | [config] Path to your aws config file. 189 | If no config file is found, AWS_DEFAULT_REGION export will not be available. 190 | Default is ~/.aws/config 191 | 192 | Arguments: 193 | --unset, -u Unset currently set AWS variables from env 194 | --help, -h Show this help screen 195 | --version, -v Show version 196 | 197 | Available exports: 198 | AWS_ACCESS_KEY_ID 199 | AWS_ACCESS_KEY 200 | AWS_SECRET_ACCESS_KEY 201 | AWS_SECRET_KEY 202 | AWS_SESSION_TOKEN 203 | AWS_DELEGATION_TOKEN 204 | AWS_SECURITY_TOKEN (unset only) 205 | AWS_DEFAULT_REGION 206 | 207 | Examples to show output: 208 | ${APP_NAME} testing 209 | ${APP_NAME} production /jenkins/aws/config 210 | 211 | Examples to export: 212 | \$(${APP_NAME} testing) 213 | \$(${APP_NAME} production /jenkins/aws/config) 214 | 215 | Examples to unset all AWS variables 216 | \$(${APP_NAME} -u) 217 | 218 | MIT License 219 | Copyright (c) 2019 cytopia 220 | https://github.com/cytopia/aws-export-assume-profile 221 | EOF 222 | exit 0 223 | ;; 224 | 225 | *) 226 | esac 227 | fi 228 | 229 | 230 | ### 231 | ### Pre-flight check 232 | ### 233 | if ! command -v aws >/dev/null 2>&1; then 234 | >&2 echo "Error, aws binary not found but required" 235 | exit 1 236 | fi 237 | 238 | 239 | ### 240 | ### Extract and populate profile variables 241 | ### 242 | if ! extract_aws_profile "${CONFIG}" "${PROFILE}"; then 243 | >&2 echo "Error, profile '${PROFILE}' not found in: ${CONFIG}" 244 | exit 1 245 | fi 246 | 247 | 248 | ### 249 | ### Retrieve credentials from AWS for profile 250 | ### 251 | OUTPUT="$( 252 | aws sts assume-role \ 253 | --profile "${SOURCE_PROFILE}" \ 254 | --role-arn "${ROLE_ARN}" \ 255 | --duration-seconds "${DURATION_SECONDS}" \ 256 | --role-session-name "${PROFILE}" 257 | )" 258 | 259 | 260 | ### 261 | ### Extract credentials 262 | ### 263 | AWS_SECRET_ACCESS_KEY="$( json_get_key "${OUTPUT}" "SecretAccessKey" )" 264 | AWS_ACCESS_KEY="$( json_get_key "${OUTPUT}" "AccessKeyId" )" 265 | AWS_SESSION_TOKEN="$( json_get_key "${OUTPUT}" "SessionToken" )" 266 | 267 | 268 | ### 269 | ### Set credentials 270 | ### 271 | if [ -n "${AWS_SECRET_ACCESS_KEY}" ]; then 272 | echo "export AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}" 273 | echo "export AWS_SECRET_KEY=${AWS_SECRET_ACCESS_KEY}" 274 | fi 275 | if [ -n "${AWS_ACCESS_KEY}" ]; then 276 | echo "export AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY}" 277 | echo "export AWS_ACCESS_KEY=${AWS_ACCESS_KEY}" 278 | fi 279 | if [ -n "${AWS_SESSION_TOKEN}" ]; then 280 | echo "export AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}" 281 | echo "export AWS_DELEGATION_TOKEN=${AWS_SESSION_TOKEN}" 282 | fi 283 | if [ -n "${REGION}" ]; then 284 | echo "export AWS_DEFAULT_REGION=${REGION}" 285 | fi 286 | --------------------------------------------------------------------------------