How to assume roles interactively and quickly in AWS CLI

Working on AWS projects in the terminal can be annoying sometimes, especially when you have a large list of accounts and roles to work with. Typing in the multi-part command and the role ARN is just too much work to do over and over again:
aws sts assume-role --role-arn arn:aws:iam::123456789012:role/roletoassume
Defining an alias for each role is impracticable, as well, because it would require to edit the AWS CLI config file (~/.aws/config and ~/.aws/credentials) and update the aliases (~/.bash_aliases or similar depending on your shell). It would be so much easier if the assume-role command would just query the AWS config.

Just like this:

The solution is the little helper programm assume-role in combination with fzf.

Installation and setup

The following assumes bash as your shell of choice and aptitude as the package manager. Other shells or package managers work just as well.

AWS CLI

Download and install AWS CLI: This covers the base functionality, i.e. interacting with AWS services.

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"

unzip awscliv2.zip

sudo ./aws/install

Go

Install Go through your standard package manager.

sudo apt install golang-go

1	sudo apt install golang-go

Go binaries are by default placed in ~/go/bin, so this location must be added to the PATH by appending the following to lines to the ~/.bashrc file.

export GOPATH="$HOME/go" 
export PATH="${GOPATH}/bin:${PATH}"

1 2	export GOPATH="$HOME/go" export PATH="${GOPATH}/bin:${PATH}"

Assume-role

Install assume-role from Remind.

go get -u github.com/remind101/assume-role

1	go get -u github.com/remind101/assume-role

Update [12.09.2022]: In newer versions of go you might have to install assume-role with
go install github.com/remind101/assume-role@latest
because the way go handles installations outside modules changed.

Fzf

Install fzf, a fuzzy finder for the command line. Here, fzf is used to query the AWS config file but it can do so much more.

sudo apt-get install fzf

1	sudo apt-get install fzf

(Optional) Enable the key bindings for more convienent use. This is not necessary if fzf should only query the config file.

source /usr/share/doc/fzf/examples/key-bindings.bash

1	source /usr/share/doc/fzf/examples/key-bindings.bash

Bring it all together in one function

Create a short function to interactively assume roles by adding to folowing to ~/.bashrc. It might be useful to give this function a shorter and more unique name, so it can be typed as wuickly as possible with the help of auto-completion.

function assume-role-p() {
    if [[ $# -eq 0 ]]; then
        # profile=`cat ~/.aws/config | gawk 'match($0, /^\[profile ([a-zA-Z0-9_-]+)\]$/, ary) {print ary[1]}' | fzf -1 --prompt 'Select profile: '`
        profile=`cat ~/.aws/config | grep "\[profile" | sed 's/^\[profile //;s/.\{2\}$//' | fzf -1 --prompt 'Select profile: '`
    elif [[ $# -eq 1 ]]; then
        profile="$1"
    else
        echo "USAGE: $0 [profile]"
        return 1
    fi
    unset AWS_ACCESS_KEY_ID
    echo "Assuming role ${profile}"
    export AWS_PROFILE=${profile}
    eval $(command assume-role ${profile})
}

function assume-role-p() {

if [[ $# -eq 0 ]]; then

# profile=`cat ~/.aws/config | gawk 'match($0, /^\[profile ([a-zA-Z0-9_-]+)\]$/, ary) {print ary[1]}' | fzf -1 --prompt 'Select profile: '`

profile=`cat ~/.aws/config | grep "\[profile" | sed 's/^\[profile //;s/.\{2\}$//' | fzf -1 --prompt 'Select profile: '`

elif [[ $# -eq 1 ]]; then

profile="$1"

else

echo "USAGE: $0 [profile]"

return 1

unset AWS_ACCESS_KEY_ID

echo "Assuming role ${profile}"

export AWS_PROFILE=${profile}

eval $(command assume-role ${profile})

}

Don’t forget to reload .bashrc after these updates (or open a new terminal).

source ~/.bashrc

1	source ~/.bashrc

Usage

Just type assume-role-p and the interactive profile switcher will open, just like you see in the GIF above.