Skip to content
🤖🎩assume-role-arn allows you to easily assume an AWS IAM role in your CI/CD pipelines, without worrying about external dependencies.
Branch: master
Clone or download
mescam Merge pull request #3 from jkrajniak/fix/syscall-exec-arguments
Passing full list of argv to Execve function
Latest commit 718bc25 Jan 30, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
cmd/assume-role-arn execve called by syscall.Exec expected that the argv[0] should contain Jan 29, 2019
.gitignore initial commit Nov 26, 2018
.travis.yml removed travis key Nov 28, 2018
Gopkg.lock initial commit Nov 26, 2018
Gopkg.toml initial commit Nov 26, 2018 fixed typo Nov 28, 2018


Build Status

assume-role-arn is a simple golang binary that can be used in CI/CD pipelines, so you don't need any external dependencies while assuming cross-account roles from your environment. No need to install python/awscli and jq.

Main features

  • no need to setup awscli profiles
  • no dependencies, released as binary
  • ability to execute in-line commands
  • supports external id
  • supports source profile in shared credentials files
  • made with ❤️ in Nordcloud


$ eval $(assume-role-arn -r <role_arn>)
$ aws sts get-caller-identity


$ assume-role-arn -r <role_arn> aws sts get-caller-identity

Available flags:

  • -r role_arn - required, role ARN
  • -e external_id - optional, if you need to specify external id
  • -n role_session_name - probably you don't need this
  • -h - help

CI/CD pipeline example

Let's say we have three AWS accounts:

  • iam
  • stg
  • prod

You have your IAM deployment user only on iam account, but it can assume cross-account roles in prod and stg accounts. Make sure you have your AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY exported in your pipeline's env variables.

Go to Releases and select binary from the last release you want to use. For v0.2 and linux it would be

Add following steps in the beginning of your deployment script:

curl -o /usr/local/bin/assume-role-arn
chmod +x /usr/local/bin/assume-role-arn

eval $(assume-role-arn -r arn:aws:iam::ACCOUNT_NUMBER_STG:role/Deployment)

Please adjust output path of curl command and role ARN according to your needs.

Now you should be able to execute AWS-related commands with your assumed role.


  • Jakub Woźniak, Nordcloud 🇵🇱
You can’t perform that action at this time.