From 74cd277b99399412d59bf7e0406671a939a3d5ee Mon Sep 17 00:00:00 2001
From: John Lin
Date: Mon, 16 Sep 2019 11:21:17 +0800
Subject: [PATCH 1/2] add roleArn support
---
 main.go | 4 ++++
 util.go | 9 +++++++++
 2 files changed, 13 insertions(+)
diff --git a/main.go b/main.go
index 12c00eb7..edac901d 100644
--- a/main.go
+++ b/main.go
@@ -27,6 +27,10 @@ func Main(args []string) int {
 Name: "profile",
 Usage: "profile to use from credentials file",
 },
+ cli.StringFlag{
+ Name: "role-arn",
+ Usage: "AWS role ARN to assume",
+ },
 cli.StringFlag{
 Name: "endpoint-url",
 Usage: "override Route53 endpoint (hostname or fully qualified URI)",
diff --git a/util.go b/util.go
index e0f4d983..130588f0 100644
--- a/util.go
+++ b/util.go
@@ -15,6 +15,7 @@ import (
 "github.com/aws/aws-sdk-go/aws"
 "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/aws/credentials/stscreds"
 "github.com/aws/aws-sdk-go/aws/session"
 "github.com/aws/aws-sdk-go/service/route53"
 )
@@ -70,6 +71,14 @@ func getService(c *cli.Context) (*route53.Route53, error) {
 if err != nil {
 return nil, err
 }
+ roleARN := c.String("role-arn")
+ if roleARN != "" {
+ roleCreds := stscreds.NewCredentials(sess, roleARN)
+ if err != nil {
+ return nil, err
+ }
+ config.Credentials = roleCreds
+ }
 return route53.New(sess, config), nil
 }
From 1621c37eef1a1ead7ff47328d079b9287af98b44 Mon Sep 17 00:00:00 2001
From: John Lin
Date: Wed, 18 Sep 2019 15:30:03 +0800
Subject: [PATCH 2/2] update document about role-arn
---
 README.md | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/README.md b/README.md
index 828f447a..f7ab4647 100644
--- a/README.md
+++ b/README.md
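Review bot: The `if err != nil` check added after `stscreds.NewCredentials(sess, roleARN)` in getService (util.go, second hunk) can never fire: NewCredentials returns only a `*credentials.Credentials`, so `err` is still the value that the context lines just above have already returned on. The AssumeRole call itself is deferred until the credentials are first used, so a mistyped ARN or a denied sts:AssumeRole surfaces on the first Route53 request rather than here. Either drop the dead check or replace it with `if _, err := roleCreds.Get(); err != nil { return nil, err }` to fail early. It would also help audit trails to pass an options func that sets `RoleSessionName`, and `ExternalID` for cross-account roles, since the default session name is generated by the SDK. getService starts above the hunk, so how `sess` and `config` are built is not visible here.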
@@ -46,6 +46,16 @@ You can switch between different sets in the credentials file by passing
 cli53 list --profile my_profile
+You can also assume a specific role by passing `--role-arn` to any command.
+For example:
+
+ cli53 list --role-arn arn:aws:iam::123456789012:role/myRole
+
+You can combine role with profile.
+For example:
+
+ cli53 list --profile my_profile --role-arn arn:aws:iam::123456789012:role/myRole
+
 For more information, see: http://blogs.aws.amazon.com/security/post/Tx3D6U6WSFGOK2H/A-New-and-Standardized-Way-to-Manage-Credentials-in-the-AWS-SDKs
 Note: for Alpine on Docker, the pre-built binaries do not work, so either use Debian, or follow the instructions below for Building from source.