|
@@ -62,47 +62,47 @@ function acp() {
|
|
|
read -r sess_duration
|
|
|
fi
|
|
|
mfa_opt=(--serial-number "$mfa_serial" --token-code "$mfa_token" --duration-seconds "${sess_duration:-3600}")
|
|
|
+ fi
|
|
|
|
|
|
- # Now see whether we need to just MFA for the current role, or assume a different one
|
|
|
- local role_arn="$(aws configure get role_arn --profile $profile)"
|
|
|
- local sess_name="$(aws configure get role_session_name --profile $profile)"
|
|
|
-
|
|
|
- if [[ -n "$role_arn" ]]; then
|
|
|
- # Means we need to assume a specified role
|
|
|
- aws_command=(aws sts assume-role --role-arn "$role_arn" "${mfa_opt[@]}")
|
|
|
+ # Now see whether we need to just MFA for the current role, or assume a different one
|
|
|
+ local role_arn="$(aws configure get role_arn --profile $profile)"
|
|
|
+ local sess_name="$(aws configure get role_session_name --profile $profile)"
|
|
|
|
|
|
- # Check whether external_id is configured to use while assuming the role
|
|
|
- local external_id="$(aws configure get external_id --profile $profile)"
|
|
|
- if [[ -n "$external_id" ]]; then
|
|
|
- aws_command+=(--external-id "$external_id")
|
|
|
- fi
|
|
|
+ if [[ -n "$role_arn" ]]; then
|
|
|
+ # Means we need to assume a specified role
|
|
|
+ aws_command=(aws sts assume-role --role-arn "$role_arn" "${mfa_opt[@]}")
|
|
|
|
|
|
- # Get source profile to use to assume role
|
|
|
- local source_profile="$(aws configure get source_profile --profile $profile)"
|
|
|
- if [[ -z "$sess_name" ]]; then
|
|
|
- sess_name="${source_profile:-profile}"
|
|
|
- fi
|
|
|
- aws_command+=(--profile="${source_profile:-profile}" --role-session-name "${sess_name}")
|
|
|
+ # Check whether external_id is configured to use while assuming the role
|
|
|
+ local external_id="$(aws configure get external_id --profile $profile)"
|
|
|
+ if [[ -n "$external_id" ]]; then
|
|
|
+ aws_command+=(--external-id "$external_id")
|
|
|
+ fi
|
|
|
|
|
|
- echo "Assuming role $role_arn using profile ${source_profile:-profile}"
|
|
|
- else
|
|
|
- # Means we only need to do MFA
|
|
|
- aws_command=(aws sts get-session-token --profile="$profile" "${mfa_opt[@]}")
|
|
|
- echo "Obtaining session token for profile $profile"
|
|
|
+ # Get source profile to use to assume role
|
|
|
+ local source_profile="$(aws configure get source_profile --profile $profile)"
|
|
|
+ if [[ -z "$sess_name" ]]; then
|
|
|
+ sess_name="${source_profile:-profile}"
|
|
|
fi
|
|
|
+ aws_command+=(--profile="${source_profile:-profile}" --role-session-name "${sess_name}")
|
|
|
|
|
|
- # Format output of aws command for easier processing
|
|
|
- aws_command+=(--query '[Credentials.AccessKeyId,Credentials.SecretAccessKey,Credentials.SessionToken]' --output text)
|
|
|
+ echo "Assuming role $role_arn using profile ${source_profile:-profile}"
|
|
|
+ else
|
|
|
+ # Means we only need to do MFA
|
|
|
+ aws_command=(aws sts get-session-token --profile="$profile" "${mfa_opt[@]}")
|
|
|
+ echo "Obtaining session token for profile $profile"
|
|
|
+ fi
|
|
|
|
|
|
- # Run the aws command to obtain credentials
|
|
|
- local -a credentials
|
|
|
- credentials=(${(ps:\t:)"$(${aws_command[@]})"})
|
|
|
+ # Format output of aws command for easier processing
|
|
|
+ aws_command+=(--query '[Credentials.AccessKeyId,Credentials.SecretAccessKey,Credentials.SessionToken]' --output text)
|
|
|
|
|
|
- if [[ -n "$credentials" ]]; then
|
|
|
- aws_access_key_id="${credentials[1]}"
|
|
|
- aws_secret_access_key="${credentials[2]}"
|
|
|
- aws_session_token="${credentials[3]}"
|
|
|
- fi
|
|
|
+ # Run the aws command to obtain credentials
|
|
|
+ local -a credentials
|
|
|
+ credentials=(${(ps:\t:)"$(${aws_command[@]})"})
|
|
|
+
|
|
|
+ if [[ -n "$credentials" ]]; then
|
|
|
+ aws_access_key_id="${credentials[1]}"
|
|
|
+ aws_secret_access_key="${credentials[2]}"
|
|
|
+ aws_session_token="${credentials[3]}"
|
|
|
fi
|
|
|
|
|
|
# Switch to AWS profile
|