feat(assume-role): Provide script for AssumeRoleWithWebIdentity

cookielab · Jul 12, 2024 · 9405bd7 · 9405bd7
1 parent f1b7463
commit 9405bd7
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -8,3 +8,8 @@
 ## Scripts
 
 - `deploy-s3-cf` - for deploying static site to S3 and CloudFront
+- `assume-role` - Script for AssumeRoleWithWebIdentity
+    - Requirements:
+        - `$AWS_ROLE_ARN` = ENV variable for Role ARN
+        - `$AWS_ROLE_SESSION_NAME` = ENV variable for session name
+        - `$OIDC_TOKEN` = ENV variable for providing OIDC token
diff --git a/scripts/assume-role.sh b/scripts/assume-role.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN AWS_SESSION_EXPIRATION
+
+read -r AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN AWS_SESSION_EXPIRATION < <(
+    aws sts assume-role-with-web-identity \
+        --role-arn "${AWS_ROLE_ARN}" \
+        --role-session-name "${AWS_ROLE_SESSION_NAME}" \
+        --web-identity-token "${OIDC_TOKEN}" \
+        --duration-seconds 900 \
+        --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken,Expiration]' \
+        --output text
+)
+