add bin dir

terraform-modules · Mar 21, 2023 · 48b5a1c · 48b5a1c
1 parent a7a6b02
commit 48b5a1c
Showing 1 changed file with 45 additions and 0 deletions.
diff --git a/bin/assume_role_wrapper.sh b/bin/assume_role_wrapper.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# wrapper of assume role to then call AWS commands
+
+# AWS_PROFILE set to the profile of the caller
+# AWS_REGION set to the region of the caller (and target)
+# ROLE_ARN set to the role ARN in the target
+
+if [ -z "$AWS_PROFILE" ]
+then
+  echo "# missing AWS_PROFILE"
+  exit 1
+fi
+if [ -z "$AWS_REGION" ]
+then
+  echo "# missing AWS_REGION"
+  exit 1
+fi
+if [ -z "$ROLE_ARN" ]
+then
+  echo "# missing ROLE_ARN"
+  exit 1
+fi
+if [ ! -z "$USER" ]
+then
+  SESSION_NAME=$USER
+else
+  SESSION_NAME=$(basename $0 .sh)
+fi
+AWS=$(which aws >/dev/null 2>&1)
+if [ $? != 0 ]
+then
+  echo "# unable to find aws cli"
+  exit 1
+fi
+
+# this user assume role, gets the access key, secret, and token
+set -e
+$(aws sts assume-role --role-arn $ROLE_ARN --role-session-name $USER --query 'Credentials.[`export#AWS_ACCESS_KEY_ID=`,AccessKeyId,`#AWS_SECRET_ACCESS_KEY=`,SecretAccessKey,`#AWS_SESSION_TOKEN=`,SessionToken]' --output text | sed $'s/\t//g' | sed 's/#/ /g')
+
+# now run commands (hopefully, it is aws ...)
+$@
+
+status=$?
+exit $status