aws sso script

.aws/config 에 추가

[profile dev]
sso_session = sso
sso_account_id = 911781391110
sso_role_name = Develop_DevOps
region = ap-northeast-2
output = json
sso_start_url = https://crypted.awsapps.com/start#/
sso_region = ap-southeast-1


[sso-session sso]
sso_start_url = https://crypted.awsapps.com/start#/
sso_region = ap-southeast-1
sso_registration_scopes = sso:account:access

~.zshrc / ~.bashrc 에 아래 내용을 추가 한뒤 적용한다.

alias sso='aws sso login'

env_aws()
{
export AWS_PROFILE=$1
aws sts get-caller-identity |jq
}

alias pf=env_aws

aws_assume()
{
if [ $# -ne 1  ]; then
    echo "input arguments ex) assume dev"
    exit 0
fi

env=$1

export AWS_PROFILE=$env;
account=$(aws sts get-caller-identity | jq -r '.Account' )   ;
js=$(aws sts assume-role --role-arn arn:aws:iam::${account}:role/devops-role --role-session-name devops-session  |jq -r  '.')
export AWS_ACCESS_KEY_ID=$(echo $js | jq -r .Credentials.AccessKeyId)
export AWS_SECRET_ACCESS_KEY=$(echo $js | jq -r .Credentials.SecretAccessKey)
export AWS_SESSION_TOKEN=$(echo $js | jq -r .Credentials.SessionToken)
aws sts get-caller-identity |jq
}

# alias assume='source ~/aws_sso_sts_assume.sh'
alias ass=aws_assume

aws_assumed()
{
if [ $# -ne 1  ]; then
    echo "input arguments ex) assume dev"
    exit 0
fi

env=$1

export AWS_PROFILE=$env;
account=$(aws sts get-caller-identity | jq -r '.Account' )   ;
js=$(aws sts assume-role --role-arn arn:aws:iam::${account}:role/develop-role --role-session-name develop-session  |jq -r  '.')
export AWS_ACCESS_KEY_ID=$(echo $js | jq -r .Credentials.AccessKeyId)
export AWS_SECRET_ACCESS_KEY=$(echo $js | jq -r .Credentials.SecretAccessKey)
export AWS_SESSION_TOKEN=$(echo $js | jq -r .Credentials.SessionToken)
aws sts get-caller-identity |jq
}

alias assd=aws_assumed
alias ass=aws_assume
alias unass='unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN'

alias sts='aws sts get-caller-identity  |jq'

Previous[AWS]Nexttagging 자동화

Last updated 5 months ago

[profile dev] sso_session = sso sso_account_id = 911781391110 sso_role_name = Develop_DevOps region = ap-northeast-2 output = json sso_start_url = https://crypted.awsapps.com/start#/ sso_region = ap-southeast-1 [sso-session sso] sso_start_url = https://crypted.awsapps.com/start#/ sso_region = ap-southeast-1 sso_registration_scopes = sso:account:access

alias sso='aws sso login' env_aws() { export AWS_PROFILE=$1 aws sts get-caller-identity |jq } alias pf=env_aws aws_assume() { if [ $# -ne 1 ]; then echo "input arguments ex) assume dev" exit 0 fi env=$1 export AWS_PROFILE=$env; account=$(aws sts get-caller-identity | jq -r '.Account' ) ; js=$(aws sts assume-role --role-arn arn:aws:iam::${account}:role/devops-role --role-session-name devops-session |jq -r '.') export AWS_ACCESS_KEY_ID=$(echo $js | jq -r .Credentials.AccessKeyId) export AWS_SECRET_ACCESS_KEY=$(echo $js | jq -r .Credentials.SecretAccessKey) export AWS_SESSION_TOKEN=$(echo $js | jq -r .Credentials.SessionToken) aws sts get-caller-identity |jq } # alias assume='source ~/aws_sso_sts_assume.sh' alias ass=aws_assume aws_assumed() { if [ $# -ne 1 ]; then echo "input arguments ex) assume dev" exit 0 fi env=$1 export AWS_PROFILE=$env; account=$(aws sts get-caller-identity | jq -r '.Account' ) ; js=$(aws sts assume-role --role-arn arn:aws:iam::${account}:role/develop-role --role-session-name develop-session |jq -r '.') export AWS_ACCESS_KEY_ID=$(echo $js | jq -r .Credentials.AccessKeyId) export AWS_SECRET_ACCESS_KEY=$(echo $js | jq -r .Credentials.SecretAccessKey) export AWS_SESSION_TOKEN=$(echo $js | jq -r .Credentials.SessionToken) aws sts get-caller-identity |jq } alias assd=aws_assumed alias ass=aws_assume alias unass='unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN' alias sts='aws sts get-caller-identity |jq'