#!/usr/bin/env bash
# Copyright © 2018 Ivan Vandot <ivan@vandot.rs>
# All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
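#######################################
# Print the first value of a key inside one profile section of
# ~/.aws/credentials, with spaces, tabs and carriage returns removed.
# The profile and key are handed to awk as variables and compared as
# plain strings, so characters in a profile name are never interpreted
# as awk code or as a regular expression. Only the key name (left of
# "=") is inspected, so a secret value that happens to contain the
# wanted word is never returned.
# Arguments: $1 - profile name, $2 - text the key name must contain
# Outputs:   the value on stdout, or nothing when there is no match
# Returns:   0 when the file is unreadable, otherwise awk's status
#######################################
_awstoken_profile_value() {
  local wanted_profile=$1
  local wanted_key=$2
  local creds_file=~/.aws/credentials

  [[ -r "${creds_file}" ]] || return 0

  awk -v section="[${wanted_profile}]" -v wanted="${wanted_key}" '
    {
      line = $0
      gsub(/^[ \t]+|[ \t\r]+$/, "", line)
    }
    substr(line, 1, 1) == "[" {
      in_section = (line == section)
      next
    }
    in_section {
      eq = index(line, "=")
      if (eq == 0) next
      name = substr(line, 1, eq - 1)
      if (index(name, wanted) == 0) next
      value = substr(line, eq + 1)
      gsub(/[ \t\r]/, "", value)
      print value
      exit
    }
  ' "${creds_file}"
}

#######################################
# Request temporary AWS credentials with an MFA code and export them.
# Must run in the current shell (source this file, then call the
# function): the credentials are handed over with `export`, so every
# child process started afterwards inherits them.
# The MFA code and the MFA serial ARN are passed to `aws` as command
# line arguments and are visible in the process list while it runs.
# Globals:   AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN
#            (exported on success, left untouched on any failure)
# Arguments: see the usage text below
# Outputs:   expiration time on stdout, diagnostics on stderr
# Returns:   0 on success or help, 1 on bad input or a failed STS call
#######################################
awstoken() {
  local usage='Usage:
awstoken OPTION
Description:
Bash wrapper around awscli for easy temporary security credential generation for AWS API
Example:
awstoken -u user -t 123456 -a 012345678910
awstoken -p aws_profile -t 123456
Options:
-u, --user username
-t, --token token
-p, --profile profile [default]
-a, --account account-id
-d, --duration duration in s [43200]
-g, --gov; enable govcloud
-h, --help; display this help message'
  local user
  local token
  local profile="default"
  local account
  local duration=43200
  local result
  local gov
  local aws_key
  local aws_secret
  local aws_token
  local expiration
  local arg
  local opt
  local label
  local extra

  # Match whole arguments only: a substring test would treat a value
  # such as "my-home" as a request for help.
  for arg in "$@"; do
    if [[ "${arg}" == "-h" || "${arg}" == "--help" ]]; then
      printf '%s\n' "${usage}"
      return 0
    fi
  done

  # Consume every argument, including the last one, so a trailing
  # -g/--gov is honoured.
  while (( $# > 0 )); do
    opt=$1
    case "${opt}" in
      -g|--gov)
        gov="-us-gov"
        shift
        continue
        ;;
      -u|--user|-t|--token|-p|--profile|-a|--account|-d|--duration)
        if (( $# < 2 )); then
          printf 'awstoken: option %s requires a value\n\n' "${opt}" >&2
          printf '%s\n' "${usage}" >&2
          return 1
        fi
        ;;
      *)
        printf 'awstoken: unknown argument %s\n\n' "${opt}" >&2
        printf '%s\n' "${usage}" >&2
        return 1
        ;;
    esac
    case "${opt}" in
      -u|--user) user=$2 ;;
      -t|--token) token=$2 ;;
      -p|--profile) profile=$2 ;;
      -a|--account) account=$2 ;;
      -d|--duration) duration=$2 ;;
    esac
    shift 2
  done

  # Fall back to the values stored alongside the profile.
  if [[ -z "${user}" ]]; then
    user=$(_awstoken_profile_value "${profile}" user)
  fi
  if [[ -z "${account}" ]]; then
    account=$(_awstoken_profile_value "${profile}" account)
  fi

  if [[ -z "${user}" || -z "${token}" || -z "${account}" ]]; then
    printf "\\nYou must set user, token and account!\\n\\n"
    return 1
  fi

  # Reject malformed values before they are placed in the request.
  if [[ ! "${account}" =~ ^[0-9]{12}$ ]]; then
    printf 'awstoken: account must be a 12-digit AWS account id\n' >&2
    return 1
  fi
  if [[ ! "${duration}" =~ ^[0-9]+$ ]]; then
    printf 'awstoken: duration must be a whole number of seconds\n' >&2
    return 1
  fi

  if ! result=$(aws sts get-session-token \
    --profile "${profile}" \
    --duration-seconds "${duration}" \
    --token-code "${token}" \
    --serial-number "arn:aws${gov}:iam::${account}:mfa/${user}" \
    --output text); then
    printf 'awstoken: aws sts get-session-token failed, credentials unchanged\n' >&2
    return 1
  fi

  # Text output columns as consumed here: label, access key id,
  # expiration, secret access key, session token.
  IFS=$' \t\n' read -r label aws_key expiration aws_secret aws_token extra \
    <<<"${result}"

  # Never export a partial credential set.
  if [[ -z "${aws_key}" || -z "${aws_secret}" || -z "${aws_token}" ]]; then
    printf 'awstoken: unexpected response from aws, credentials unchanged\n' >&2
    return 1
  fi

  export AWS_ACCESS_KEY_ID=$aws_key
  export AWS_SECRET_ACCESS_KEY=$aws_secret
  export AWS_SESSION_TOKEN=$aws_token
  printf "Expiration time: %s\\n" "${expiration}"
  printf "Temporary credentials set!\\n\\n"
}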