From 48b5a1c2f664dc3f00589cf1261a21ad07b7f2ce Mon Sep 17 00:00:00 2001
From: badra001
Date: Tue, 21 Mar 2023 16:08:01 -0400
Subject: [PATCH] add bin dir
---
bin/assume_role_wrapper.sh | 45 ++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
create mode 100755 bin/assume_role_wrapper.sh
diff --git a/bin/assume_role_wrapper.sh b/bin/assume_role_wrapper.sh
new file mode 100755
index 0000000..dd80bd3
--- /dev/null
+++ b/bin/assume_role_wrapper.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# wrapper of assume role to then call AWS commands
+
+# AWS_PROFILE set to the profile of the caller
+# AWS_REGION set to the region of the caller (and target)
+# ROLE_ARN set to the role ARN in the target
+
+if [ -z "$AWS_PROFILE" ]
+then
+ echo "# missing AWS_PROFILE"
+ exit 1
+fi
+if [ -z "$AWS_REGION" ]
+then
+ echo "# missing AWS_REGION"
+ exit 1
+fi
+if [ -z "$ROLE_ARN" ]
+then
+ echo "# missing ROLE_ARN"
+ exit 1
+fi
+if [ ! -z "$USER" ]
+then
+ SESSION_NAME=$USER
+else
+ SESSION_NAME=$(basename $0 .sh)
+fi
+AWS=$(which aws >/dev/null 2>&1)
+if [ $? != 0 ]
+then
+ echo "# unable to find aws cli"
+ exit 1
+fi
+
+# this user assume role, gets the access key, secret, and token
+set -e
+$(aws sts assume-role --role-arn $ROLE_ARN --role-session-name $USER --query 'Credentials.[`export#AWS_ACCESS_KEY_ID=`,AccessKeyId,`#AWS_SECRET_ACCESS_KEY=`,SecretAccessKey,`#AWS_SESSION_TOKEN=`,SessionToken]' --output text | sed $'s/\t//g' | sed 's/#/ /g')
+
+# now run commands (hopefully, it is aws ...)
+$@
+
+status=$?
+exit $status
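Review bot: A failed `aws sts assume-role` does not stop the script. When the call prints nothing, the bare `$( … )` line takes its status from the last `sed` in the pipeline, so `set -e` never fires, nothing is exported, and `$@` then runs with the caller's own `AWS_PROFILE` credentials instead of the target role. The call should capture the output in a variable so `set -e` sees the aws exit status, read the three fields rather than executing CLI output as shell text, and stop when the session token is empty. The same line passes `--role-session-name $USER` although `SESSION_NAME` was computed just above for the case where `USER` is empty, and `$ROLE_ARN` and `$@` are unquoted, so arguments containing spaces get re-split. Separately, `AWS=$(which aws >/dev/null 2>&1)` always leaves `AWS` empty; using `command -v aws >/dev/null 2>&1` directly as the `if` condition would drop the unused variable.

```shell
# … unchanged: environment checks, SESSION_NAME selection, aws cli lookup …

# this user assume role, gets the access key, secret, and token
set -e
creds=$(aws sts assume-role --role-arn "$ROLE_ARN" --role-session-name "$SESSION_NAME" \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' --output text)
# text output is one tab-separated line; read splits it without evaluating it
read -r AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN <<<"$creds"
if [ -z "$AWS_SESSION_TOKEN" ]
then
    echo "# assume-role returned no credentials"
    exit 1
fi
export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN

# now run commands (hopefully, it is aws ...)
"$@"
```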