patternMinor
AWS CLI and a JSON file
Viewed 0 times
filejsoncliawsand
Problem
I'm setting up my AWS CLI. To access to AWS services like EC2, I have to switch roles.
I used the command
Now what? I've googled around, but I cannot figure what to do with generated JSON.
How do I tell AWS CLI, "Use this JSON to authenticate with this role"?
Here is the (redacted) JSON I have:
I used the command
aws sts assume-role, and it spit out JSON with Credentials and AssumedRoleUser, complete with a session token. That's great!Now what? I've googled around, but I cannot figure what to do with generated JSON.
How do I tell AWS CLI, "Use this JSON to authenticate with this role"?
Here is the (redacted) JSON I have:
{
"Credentials": {
"AccessKeyId": "XXXXXXXXXXW5YABBKUXQ",
"SecretAccessKey": "XXXXXXXXXXXXXXXXXXXXB2EFEUmCtuwbJPcMBF02",
"SessionToken": "XXXXXXXXXXsi6md6PTNHYjHUljav",
"Expiration": "2021-12-03T04:59:02+00:00"
},
"AssumedRoleUser": {
"AssumedRoleId": "XXXXXXXXXX:dev",
"Arn": "arn:aws-us-gov:sts::999999999991:assumed-role/PROJADMIN/dev"
}
}Solution
The answer was to ignore everything in the JSON except the "SessionToken".
To use the session token, either add this to the credentials file profile with the same AWS keys, or export it as an env var
aws_session_token = XXXXXXXXXXXXXXXXXXXXXXXX
To use the session token, either add this to the credentials file profile with the same AWS keys, or export it as an env var
aws_session_token = XXXXXXXXXXXXXXXXXXXXXXXX
Context
StackExchange DevOps Q#15066, answer score: 1
Revisions (0)
No revisions yet.