Unverified Commit ce836647 authored by Roman Danyk's avatar Roman Danyk Committed by GitHub
Browse files

feat(aws): respect optional parameters from the AWS CLI config file (#9453)

parent 9b119866
...@@ -50,32 +50,39 @@ function acp() { ...@@ -50,32 +50,39 @@ function acp() {
# First, if the profile has MFA configured, lets get the token and session duration # First, if the profile has MFA configured, lets get the token and session duration
local mfa_serial="$(aws configure get mfa_serial --profile $profile)" local mfa_serial="$(aws configure get mfa_serial --profile $profile)"
local sess_duration="$(aws configure get duration_seconds --profile $profile)"
if [[ -n "$mfa_serial" ]]; then if [[ -n "$mfa_serial" ]]; then
local -a mfa_opt local -a mfa_opt
local mfa_token sess_duration local mfa_token
echo -n "Please enter your MFA token for $mfa_serial: " echo -n "Please enter your MFA token for $mfa_serial: "
read -r mfa_token read -r mfa_token
echo -n "Please enter the session duration in seconds (900-43200; default: 3600, which is the default maximum for a role): " if [[ -z "$sess_duration" ]]; then
read -r sess_duration echo -n "Please enter the session duration in seconds (900-43200; default: 3600, which is the default maximum for a role): "
read -r sess_duration
fi
mfa_opt=(--serial-number "$mfa_serial" --token-code "$mfa_token" --duration-seconds "${sess_duration:-3600}") mfa_opt=(--serial-number "$mfa_serial" --token-code "$mfa_token" --duration-seconds "${sess_duration:-3600}")
# Now see whether we need to just MFA for the current role, or assume a different one # Now see whether we need to just MFA for the current role, or assume a different one
local role_arn="$(aws configure get role_arn --profile $profile)" local role_arn="$(aws configure get role_arn --profile $profile)"
local sess_name="$(aws configure get role_session_name --profile $profile)"
if [[ -n "$role_arn" ]]; then if [[ -n "$role_arn" ]]; then
# Means we need to assume a specified role # Means we need to assume a specified role
aws_command=(aws sts assume-role --role-arn "$role_arn" "${mfa_opt[@]}") aws_command=(aws sts assume-role --role-arn "$role_arn" "${mfa_opt[@]}")
# Check whether external_id is configured to use while assuming the role # Check whether external_id is configured to use while assuming the role
local external_id="$(aws configure get external_id --profile "$profile")" local external_id="$(aws configure get external_id --profile $profile)"
if [[ -n "$external_id" ]]; then if [[ -n "$external_id" ]]; then
aws_command+=(--external-id "$external_id") aws_command+=(--external-id "$external_id")
fi fi
# Get source profile to use to assume role # Get source profile to use to assume role
local source_profile="$(aws configure get source_profile --profile "$profile")" local source_profile="$(aws configure get source_profile --profile $profile)"
aws_command+=(--profile="${source_profile:-profile}" --role-session-name "${source_profile:-profile}") if [[ -z "$sess_name" ]]; then
sess_name="${source_profile:-profile}"
fi
aws_command+=(--profile="${source_profile:-profile}" --role-session-name "${sess_name}")
echo "Assuming role $role_arn using profile ${source_profile:-profile}" echo "Assuming role $role_arn using profile ${source_profile:-profile}"
else else
...@@ -122,13 +129,13 @@ function aws_change_access_key() { ...@@ -122,13 +129,13 @@ function aws_change_access_key() {
return 1 return 1
fi fi
echo Insert the credentials when asked. echo "Insert the credentials when asked."
asp "$1" || return 1 asp "$1" || return 1
AWS_PAGER="" aws iam create-access-key AWS_PAGER="" aws iam create-access-key
AWS_PAGER="" aws configure --profile "$1" AWS_PAGER="" aws configure --profile "$1"
echo You can now safely delete the old access key running \`aws iam delete-access-key --access-key-id ID\` echo "You can now safely delete the old access key running \`aws iam delete-access-key --access-key-id ID\`"
echo Your current keys are: echo "Your current keys are:"
AWS_PAGER="" aws iam list-access-keys AWS_PAGER="" aws iam list-access-keys
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment