Working on AWS projects in the terminal can be annoying sometimes, especially when you have a large list of accounts and roles to work with. Typing in the multi-part command and the role ARN is just too much work to do over and over again:

```bash
# --role-session-name is a required argument of sts assume-role
aws sts assume-role --role-arn arn:aws:iam::123456789012:role/roletoassume --role-session-name mysession
```

Defining an alias for each role is impractical as well, because it would require editing the AWS CLI config files (~/.aws/config and ~/.aws/credentials) and updating the aliases (~/.bash_aliases or similar, depending on your shell). It would be so much easier if the assume-role command would just query the AWS config.
Just like this:
The solution is the little helper program assume-role in combination with fzf.
Installation and setup
The following assumes bash as your shell of choice and aptitude as the package manager. Other shells or package managers work just as well.
AWS CLI
Download and install AWS CLI: This covers the base functionality, i.e. interacting with AWS services.
```bash
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
```
Go
Install Go through your standard package manager.
```bash
sudo apt install golang-go
```

Go binaries are placed in ~/go/bin by default, so this location must be added to the PATH by appending the following two lines to the ~/.bashrc file.

```bash
export GOPATH="$HOME/go"
export PATH="${GOPATH}/bin:${PATH}"
```
Assume-role
Install assume-role from Remind.
```bash
go get -u github.com/remind101/assume-role
```

Update [12.09.2022]: In newer versions of Go you might have to install assume-role with a different command because the way Go handles installations outside modules changed.

```bash
# Outside a module, go install needs a version suffix such as @latest
go install github.com/remind101/assume-role@latest
```
Fzf
Install fzf, a fuzzy finder for the command line. Here, fzf is used to query the AWS config file but it can do so much more.
```bash
sudo apt-get install fzf
```

(Optional) Enable the key bindings for more convenient use. This is not necessary if fzf should only query the config file.

```bash
source /usr/share/doc/fzf/examples/key-bindings.bash
```
Bring it all together in one function
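Create a short function to interactively assume roles by adding the following to ~/.bashrc. It might be useful to give this function a shorter and more unique name, so it can be typed as quickly as possible with the help of auto-completion.

```bash
function assume-role-p() {
  local profile
  if [[ $# -eq 0 ]]; then
    # profile=`cat ~/.aws/config | gawk 'match($0, /^\[profile ([a-zA-Z0-9_-]+)\]$/, ary) {print ary[1]}' | fzf -1 --prompt 'Select profile: '`
    # Take the names from the "[profile NAME]" headers. The closing "]" is
    # stripped together with trailing whitespace (e.g. a CR in CRLF files).
    profile=$(grep '^\[profile ' ~/.aws/config | sed 's/^\[profile //;s/\][[:space:]]*$//' | fzf -1 --prompt 'Select profile: ')
  elif [[ $# -eq 1 ]]; then
    profile="$1"
  else
    echo "USAGE: ${FUNCNAME[0]} [profile]"
    return 1
  fi
  # Nothing selected (fzf cancelled) or empty argument: change nothing.
  if [[ -z "${profile}" ]]; then
    return 1
  fi
  # Clear credentials exported by a previous run before assuming the next role.
  unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
  echo "Assuming role ${profile}"
  export AWS_PROFILE="${profile}"
  # eval runs whatever assume-role prints, so quote the substitution as a whole.
  eval "$(command assume-role "${profile}")"
}
```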
Don’t forget to reload .bashrc after these updates (or open a new terminal).

```bash
source ~/.bashrc
```
Usage
Just type assume-role-p and the interactive profile switcher will open, just like you see in the GIF above.
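
The function above passes the output of assume-role straight to eval, so the shell executes whatever that binary prints. The following added example (not part of the original post or of the assume-role project) vets that output first. It assumes the helper prints one `export NAME="VALUE"` line per variable plus comment lines; the function name `vet_exports` and the variable allowlist are this example's own choices.

```bash
# vet_exports: read a credential helper's output on stdin and print only lines
# of the form  export NAME="VALUE"  where NAME is on the allowlist and VALUE
# has no shell metacharacters. Blank and comment lines are dropped. If any
# other line appears, nothing is printed and the function returns 1.
# Assumption: one export per line; the allowlist is this example's choice.
vet_exports() {
    local line name value vetted=""
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;            # blank line or comment
            'export '*'="'*'"') ;;          # expected shape, checked below
            *) echo "vet_exports: unexpected line" >&2; return 1 ;;
        esac
        name=${line#export }; name=${name%%=*}
        value=${line#*=\"};   value=${value%\"}
        case "$name" in
            AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY|AWS_SESSION_TOKEN|\
            AWS_SECURITY_TOKEN|ASSUMED_ROLE) ;;
            *) echo "vet_exports: variable not allowed: $name" >&2; return 1 ;;
        esac
        case "$value" in                    # base64 and profile-name characters only
            *[!A-Za-z0-9+/=_.-]*)
                echo "vet_exports: unsafe value for $name" >&2; return 1 ;;
        esac
        vetted="${vetted}export ${name}=\"${value}\"
"
    done
    printf '%s' "$vetted"
}

# Constructed sample output (not real credentials).
sample='export AWS_ACCESS_KEY_ID="ASIACONSTRUCTED0001"
export AWS_SECRET_ACCESS_KEY="abc/DEF+123="
export ASSUMED_ROLE="prod"
# Run this to configure your shell:'
printf '%s\n' "$sample" | vet_exports

# In assume-role-p, the eval line would become:
#   out=$(command assume-role "${profile}" | vet_exports) || return 1
#   eval "${out}"
```

Because nothing is printed when any line is rejected, a single unexpected line leaves the current shell environment untouched.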