AWS Assume Role script improvements #1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
letic
commented
Jan 2, 2019
letic
commented
- Make the script more modular no need to hardcode value anymore
- Get the user's AWS CLI credentials
- Ability to choose from different AWS profile (could be easily added as a parameter with getopts but didn't wanted to spend too much time on this)
- Get the user's AWS CLI credentials - Ability to choose from different AWS profile (could be easily added as a parameter with getopts but didn't wanted to spend too much time on this)
Integralist
reviewed
Jan 5, 2019
| unset AWS_SESSION_TOKEN | ||
| export AWS_ACCESS_KEY_ID=$(grep -A2 "\[$AWS_PROFILE\]" ~/.aws/credentials | awk -F"= " '/aws_access_key_id/ {print $2}') | ||
| export AWS_SECRET_ACCESS_KEY=$(grep -A2 "\[$AWS_PROFILE\]" ~/.aws/credentials | awk -F"= " '/aws_secret_access_key/ {print $2}') | ||
| export AWS_REGION=$(grep -A2 "\[$AWS_PROFILE\]" ~/.aws/config | awk -F"= " '/region/ {print $2}') |
There was a problem hiding this comment.
the grep/awk flows are effectively the same, would it make sense to move the logic to a function and just pass in aws_access_key_id, aws_secret_access_key, region as the differentiator?
| if [ ! -z "$3" ]; then | ||
| AWS_SESSION_NAME=$3 | ||
| else | ||
| AWS_SESSION_NAME="Assume-$1" |
There was a problem hiding this comment.
I'd like to assign $1 to a variable (e.g. AWS_ID) just for clarity, especially later where you reference $1 as part of the assume role line (it makes that line just a little bit clearer).
There was a problem hiding this comment.
Sure good idea 👍
I also thought that we should add a parameter to revert the credentials to the default AWS profile.
Looking forward to your improvements.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.