The problem: You want to be able to have short term credentials to your AWS account for security
The solution: AWS STS and aws-sts.rb
This supports ~/.aws/config making this tool easier to set-up.
Roles are assumed, or session tokens are simply acquired (if --no-role is
specified) via the [AssumeRole][assume-role] or the
[GetSessionToken][get-session-token] AWS STS API calls. After this, your
command or shell is launched with the standard AWS credential chain environment
variables set:
AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEYAWS_SESSION_TOKEN
Install the tool:
gem install aws-stsaws-sts <role>
Setup a profile for each role you'd like to use in your ~/.aws/config.
[profile account]
region = eu-west-2
[profile dev]
region = eu-north-1
role_arn = arn:aws:iam::1999:role/admin
source_profile = accountAnd then in your ~/.aws/credentials
[account]
aws_access_key_id=XXXXXX
aws_secret_access_key=XXX$ ./aws-sts <role>
export AWS_ACCESS_KEY_ID=SXXXX
export AWS_SECRET_ACCESS_KEY=XXXX
export AWS_SESSION_TOKEN=XXXX
export ASSUMED_ROLE=dev
# run eval $(ruby aws-sts.rb <profile>)By default the credentials last for 3600 seconds or 1 hour.