The right way to AWS sts assume position in a single command – with out jq

The problem – what it takes to imagine a task

To imagine an AWS position within the CLI, you’ll have to do one thing like this:

aws sts assume-role --role-arn arn:aws:iam::123456789123:position/myAwesomeRole --role-session-name check --region eu-central-1

This gives you the next output:

{
    "Credentials": {
        "AccessKeyId": "someAccessKeyId",
        "SecretAccessKey": "someSecretAccessKey",
        "SessionToken": "someSessionToken",
        "Expiration": "20203-01-02T06:52:13+00:00"
    },
    "AssumedRoleUser": {
        "AssumedRoleId": "idOfTheAssummedRole",
        "Arn": "theARNOfTheRoleIWantToAssume"
    }
}

However then you’ll have to manually copy and paste the values of AccessKeyId, SecretAccessKey and SessionToken in a bunch of exports like this:

export AWS_ACCESS_KEY_ID="someAccessKeyId"                                                                                      
export AWS_SECRET_ACCESS_KEY="someSecretAccessKey"
export AWS_SESSION_TOKEN="someSessionToken"

At this stage you’ll be able to assume the position….

The answer – easy methods to velocity this up

You are able to do this with, or with out jq.

Clearly the less dependencies the higher, so we’ll do it:

• With out jq
• With out a number of exports
• Through the use of printf built-ins

This additionally permits the advantage of no credential leakage by means of /proc..

export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" 
$(aws sts assume-role 
--role-arn arn:aws:iam::123456789012:position/MyAssumedRole 
--role-session-name MySessionName 
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" 
--output textual content))