1
Fork 0
mirror of https://github.com/RealOrangeOne/notes.git synced 2024-12-22 13:16:22 +00:00

Add note about getting credentials for an assumed role

This commit is contained in:
Jake Howard 2022-09-13 17:26:01 +01:00
parent 68a05ca0e6
commit 312b5f0c10
Signed by: jake
GPG key ID: 57AFB45680EDD477

View file

@ -0,0 +1,32 @@
---
title: Get credentials for an assumed role
tags:
- AWS
link: https://aws.amazon.com/premiumsupport/knowledge-center/iam-assume-role-cli/
emoji: 🔑
---
It's often useful to get regular access keys as if you were assumed into another role. This is possible:
```
aws sts assume-role --role-arn arn:aws:iam::<account>:role/<role> --role-session-name <name>
```
This produces JSON output (it's the most readable of the 3 `aws` supports):
```json
{
"Credentials": {
"AccessKeyId": "xxxxxxxxxxxxxxx",
"SecretAccessKey": "xxxxxxxxxxxxxxxxxxxxxxxxxx",
"SessionToken": "xxxxxxxxxxxxxxxxxxxxxxxxxx",
"Expiration": "2022-09-13T17:18:44Z"
},
"AssumedRoleUser": {
"AssumedRoleId": "xxxxxxxxxxxxxxxx:<name>",
"Arn": "arn:aws:sts::<account>:assumed-role/<role>/<name>"
}
}
```
See also the [`assume-role`](https://docs.aws.amazon.com/cli/latest/reference/sts/assume-role.html) command's docs