AWS CLI - Assume role

Basics

role_arn="arn:aws:iam::123456789012:role/example-role";
role_session_name="AWSCLI-Session";

“role_session_name” can be any string

Grab credentials

aws sts assume-role --role-arn "$role_arn" --role-session-name "$role_session_name";

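Create three environment variables to assume the IAM role, using the AccessKeyId, SecretAccessKey and SessionToken values from the Credentials object in the output of the previous command: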

export AWS_ACCESS_KEY_ID=<access-key-id>;
export AWS_SECRET_ACCESS_KEY=<secret-access-key>;
export AWS_SESSION_TOKEN=<session-token>;

Verify that you assumed the IAM role by running this command:

aws sts get-caller-identity;

Unset when done:

unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN;

Assume quickly using jq

Assume:

eval "$(aws sts assume-role --role-arn "$role_arn" --role-session-name "$role_session_name" \
  | jq --raw-output '.Credentials | "export AWS_ACCESS_KEY_ID=\"" + .AccessKeyId + "\"", "export AWS_SECRET_ACCESS_KEY=\"" + .SecretAccessKey + "\"", "export AWS_SESSION_TOKEN=\"" + .SessionToken + "\""')";

Un-assume:

unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN;
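
A variant of the jq one-liner above that avoids eval and leaves the environment untouched when assume-role fails. This is an added example, not part of the original page; the function names load_role_creds, assume_role and with_role are hypothetical, and it uses the CLI's --query and --output text options instead of jq.

```shell
# Added example (not from the original page); function names are hypothetical.
TAB="$(printf '\t')"

# load_role_creds LINE
# LINE is "AccessKeyId<TAB>SecretAccessKey<TAB>SessionToken". Exports the three
# variables only if all fields are present; otherwise returns 1 and changes nothing.
load_role_creds() {
  IFS="$TAB" read -r _key _secret _token <<EOF
$1
EOF
  if [ -z "$_key" ] || [ -z "$_secret" ] || [ -z "$_token" ]; then
    unset _key _secret _token
    echo "assume-role returned incomplete credentials" >&2
    return 1
  fi
  export AWS_ACCESS_KEY_ID="$_key"
  export AWS_SECRET_ACCESS_KEY="$_secret"
  export AWS_SESSION_TOKEN="$_token"
  unset _key _secret _token
}

# assume_role ROLE_ARN SESSION_NAME
# Asks STS for temporary credentials as one tab-separated line and exports them
# into the current shell. No eval: the values are never parsed as shell code.
assume_role() {
  _line="$(aws sts assume-role --role-arn "$1" --role-session-name "$2" \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
    --output text)" || return 1
  load_role_creds "$_line"
}

# with_role ROLE_ARN SESSION_NAME COMMAND [ARGS...]
# Runs one command under the role inside a subshell, so the credentials never
# reach the calling shell and there is nothing to unset afterwards.
with_role() {
  ( assume_role "$1" "$2" || exit 1; shift 2; "$@" )
}
```

For example, with_role "$role_arn" "$role_session_name" aws sts get-caller-identity runs the verification step under the role without exporting anything into the interactive shell.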