-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathawscli
executable file
·33 lines (27 loc) · 1.16 KB
/
awscli
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
#!/bin/bash
set -euo pipefail
# Initialise AWS CLI
aws configure set region "${OKTA_AWS_DEFAULT_REGION:-ap-southeast-2}"
# Primary OKTA login
java "-Duser.home=${HOME}" \
-classpath /usr/bin/okta-aws-cli.jar com.okta.tools.awscli \
--profile "${OKTA_AWS_PROFILE:-default}" sts get-caller-identity
# Assume role if specified
if [ -n "${AWS_ASSUME_ROLE_ARN:-}" ]; then
echo -e "\nAssuming role as: ${AWS_ASSUME_ROLE_ARN}"
assumed_role_details=$(aws sts assume-role \
--role-arn "${AWS_ASSUME_ROLE_ARN}" \
--role-session-name "${AWS_ASSUME_SESSION_NAME:-OktaAssumeRole}" \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" \
--output text)
# Split results
aws_access_key_id=$(echo "${assumed_role_details}" | cut -f1)
aws_secret_access_key=$(echo "${assumed_role_details}" | cut -f2)
aws_session_token=$(echo "${assumed_role_details}" | cut -f3)
# Set aws credentials
aws configure set aws_access_key_id "${aws_access_key_id}"
aws configure set aws_secret_access_key "${aws_secret_access_key}"
aws configure set aws_session_token "${aws_session_token}"
# Print out secondary role information
aws sts get-caller-identity
fi