Assume an AWS IAM role from AWS API credentials in environment variables.
I like to use envdir when selecting AWS API keys for CLI usage. Assuming IAM roles is awkward on the CLI, as you have to get the temporary role credentials via aws sts assume-role and manually extract them to an envdir or environment variables before running anything. I wrote envassume to give an envdir-like experience when assuming roles. It uses the current credentials to perform the STS request, then extracts the temporary credentials and replaces the environment variables with them for the child command, e.g.
envassume arn:aws:iam::123456789012:role/example aws s3 ls
or, with an external ID, e.g.
envassume -i external_id arn:aws:iam::123456789012:role/example aws s3 ls
The ARN and external ID can also be set in the environment variables AWS_ASSUME_ROLE and AWS_ASSUME_ID, e.g.
AWS_ASSUME_ROLE=arn:aws:iam::123456789012:role/example AWS_ASSUME_ID=external_id envassume aws s3 ls
Please note, if the ARN is set by environment variable, then no other envassume options can be set.
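The credential swap described above, sketched in Python as an added example; it is not envassume's source code. The function names, the session name and the sample response are assumptions made for illustration, and boto3 is assumed to be installed for the live STS call.

```python
"""Added example (not envassume's source): run a command with role credentials."""
import os
import sys

# Every variable that can carry credentials is rewritten or removed, so the
# child never inherits the long-term key. AWS_SECURITY_TOKEN is the legacy
# session token name; a stale value must not survive next to the new token.
CRED_VARS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY",
             "AWS_SESSION_TOKEN", "AWS_SECURITY_TOKEN")

# Constructed sample of an sts:AssumeRole response (all values are fake).
SAMPLE_RESPONSE = {
    "Credentials": {
        "AccessKeyId": "ASIAEXAMPLEKEYID",
        "SecretAccessKey": "example-temporary-secret",
        "SessionToken": "example-session-token",
    }
}


def child_env(parent_env, sts_response):
    """Return a copy of parent_env holding only the temporary role credentials."""
    creds = sts_response["Credentials"]
    env = {k: v for k, v in parent_env.items() if k not in CRED_VARS}
    env["AWS_ACCESS_KEY_ID"] = creds["AccessKeyId"]
    env["AWS_SECRET_ACCESS_KEY"] = creds["SecretAccessKey"]
    env["AWS_SESSION_TOKEN"] = creds["SessionToken"]
    return env


def assume_role(role_arn, external_id=None):
    """Call STS using whatever credentials the current environment provides."""
    import boto3  # imported here so child_env() works without boto3 installed
    kwargs = {"RoleArn": role_arn, "RoleSessionName": "envassume-example"}
    if external_id:
        kwargs["ExternalId"] = external_id
    return boto3.client("sts").assume_role(**kwargs)


def main(argv):
    if len(argv) < 3:
        sys.exit("usage: example.py ROLE_ARN COMMAND [ARGS...]")
    role_arn, command = argv[1], argv[2:]
    response = assume_role(role_arn, os.environ.get("AWS_ASSUME_ID"))
    # exec replaces this process, so the temporary credentials exist only in
    # the child's environment and are never written to disk.
    os.execvpe(command[0], command, child_env(os.environ, response))


if __name__ == "__main__":
    main(sys.argv)
```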
I was lucky enough to attend the Continuous Lifecycle London conference recently, a great mix of talks on the culture, practices and technology of devops and continuous delivery at scale, all of which I find …
Keepuppy is a Python script/package I hacked together to keep database files in sync across multiple clients via an SFTP server. It can also be configured to call a script when the local file is updated. A script for restarting KeePassX on OS X is …