Fix
parent
8e93e142bd
commit
875e521922
|
@ -12,14 +12,16 @@
|
||||||
# Configure below variables.
|
# Configure below variables.
|
||||||
#
|
#
|
||||||
|
|
||||||
# This profile name must be different among any other profiles oyu have defined in your
|
# Below two values are REQUIRED
|
||||||
# config and credentials file.
|
|
||||||
PROFILE_NAME=
|
PROFILE_NAME=
|
||||||
ROLE_NAME=
|
ROLE_NAME=
|
||||||
|
|
||||||
# If left empty, will be deduced from `aws sts get-caller-identity` output.
|
# If left empty, will be deduced from `aws sts get-caller-identity` output.
|
||||||
ACCOUNT_NUMBER=
|
ACCOUNT_NUMBER=
|
||||||
|
|
||||||
|
# If left empty, will use ROLE_NAME
|
||||||
|
SESSION_NAME=
|
||||||
|
|
||||||
# If you leave this field empty - it will be deduced from `aws sts get-caller-identity` output
|
# If you leave this field empty - it will be deduced from `aws sts get-caller-identity` output
|
||||||
#SERIAL_MFA=arn:aws:iam::<NUMBER>:mfa/<USER-NAME>
|
#SERIAL_MFA=arn:aws:iam::<NUMBER>:mfa/<USER-NAME>
|
||||||
SERIAL_MFA=
|
SERIAL_MFA=
|
||||||
|
@ -49,6 +51,9 @@ if [[ "$ACCOUNT_NUMBER" = "" ]]; then
|
||||||
ACCOUNT_NUMBER=$(echo "$out" | python3 -c "import sys,json; foo=json.loads(sys.stdin.read()); print(foo['Account'])" )
|
ACCOUNT_NUMBER=$(echo "$out" | python3 -c "import sys,json; foo=json.loads(sys.stdin.read()); print(foo['Account'])" )
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [[ "$SESSION_NAME" = "" ]]; then
|
||||||
|
SESSION_NAME=$ROLE_NAME
|
||||||
|
fi
|
||||||
|
|
||||||
ROLE_ARN=arn:aws:iam::$ACCOUNT_NUMBER:role/$ROLE_NAME
|
ROLE_ARN=arn:aws:iam::$ACCOUNT_NUMBER:role/$ROLE_NAME
|
||||||
|
|
||||||
|
@ -59,7 +64,7 @@ echo
|
||||||
|
|
||||||
if [[ "$code" = "" ]] || [[ "$SERIAL_MFA" == "" ]]; then
|
if [[ "$code" = "" ]] || [[ "$SERIAL_MFA" == "" ]]; then
|
||||||
echo "[.] MFA not provided, will attempt to assume role without it."
|
echo "[.] MFA not provided, will attempt to assume role without it."
|
||||||
out=$(aws --profile $PROFILE_NAME sts assume-role --role-arn $ROLE_ARN --role-session-name $ROLE_NAME --duration-seconds $DURATION 2>&1)
|
out=$(aws --profile $PROFILE_NAME sts assume-role --role-arn $ROLE_ARN --role-session-name $SESSION_NAME --duration-seconds $DURATION 2>&1)
|
||||||
else
|
else
|
||||||
echo "[.] Will attempt to assume role with MFA provided."
|
echo "[.] Will attempt to assume role with MFA provided."
|
||||||
out=$(aws --profile $PROFILE_NAME sts assume-role --serial-number $SERIAL_MFA --role-arn $ROLE_ARN --role-session-name $ROLE_NAME --duration-seconds $DURATION --token-code $code 2>&1)
|
out=$(aws --profile $PROFILE_NAME sts assume-role --serial-number $SERIAL_MFA --role-arn $ROLE_ARN --role-session-name $ROLE_NAME --duration-seconds $DURATION --token-code $code 2>&1)
|
||||||
|
@ -70,7 +75,7 @@ if [ $? -eq 0 ]; then
|
||||||
echo "[+] Collected session credentials. They will be valid for: $valid. "
|
echo "[+] Collected session credentials. They will be valid for: $valid. "
|
||||||
echo -e "\tPaste below lines to your '~/.aws/credentials' file:"
|
echo -e "\tPaste below lines to your '~/.aws/credentials' file:"
|
||||||
echo
|
echo
|
||||||
echo "[$PROFILE_NAME-$ROLE_NAME]"
|
echo "[$PROFILE_NAME-$SESSION_NAME]"
|
||||||
echo "$out" | python3 -c 'import sys,json; foo=json.loads(sys.stdin.read()); print("aws_access_key_id={}\naws_secret_access_key={}\naws_session_token={}".format(foo["Credentials"]["AccessKeyId"],foo["Credentials"]["SecretAccessKey"],foo["Credentials"]["SessionToken"]))'
|
echo "$out" | python3 -c 'import sys,json; foo=json.loads(sys.stdin.read()); print("aws_access_key_id={}\naws_secret_access_key={}\naws_session_token={}".format(foo["Credentials"]["AccessKeyId"],foo["Credentials"]["SecretAccessKey"],foo["Credentials"]["SessionToken"]))'
|
||||||
echo
|
echo
|
||||||
else
|
else
|
||||||
|
@ -86,4 +91,4 @@ else
|
||||||
echo
|
echo
|
||||||
fi
|
fi
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
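Review bot: The MFA branch of the `@ -59,7 +64,7 @@` hunk still passes `--role-session-name $ROLE_NAME`, so a configured SESSION_NAME is ignored whenever a token code is supplied, even though the printed profile header is now `[$PROFILE_NAME-$SESSION_NAME]`. The session name ends up in the assumed-role ARN and in CloudTrail records, so both calls should use `--role-session-name "$SESSION_NAME"` to keep audit attribution consistent. Quoting the expansion also stops a value containing whitespace from being split into extra `aws` arguments. STS accepts only 2–64 characters from `[\w+=,.@-]` here, so checking SESSION_NAME before the call would give a clearer error than the API response. The if/else block around these calls ends outside the hunk.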