mirror of
https://github.com/RealOrangeOne/notes.git
synced 2024-11-16 19:39:24 +00:00
Add note about getting credentials for an assumed role
This commit is contained in:
parent
68a05ca0e6
commit
312b5f0c10
1 changed files with 32 additions and 0 deletions
32
notes/aws/assume-role-credentials.md
Normal file
32
notes/aws/assume-role-credentials.md
Normal file
|
@ -0,0 +1,32 @@
|
|||
---
|
||||
title: Get credentials for an assumed role
|
||||
tags:
|
||||
- AWS
|
||||
link: https://aws.amazon.com/premiumsupport/knowledge-center/iam-assume-role-cli/
|
||||
emoji: 🔑
|
||||
---
|
||||
|
||||
It's often useful to get regular access keys as if you were assumed into another role. This is possible:
|
||||
|
||||
```
|
||||
aws sts assume-role --role-arn arn:aws:iam::<account>:role/<role> --role-session-name <name>
|
||||
```
|
||||
|
||||
This produces JSON output (it's the most readable of the 3 `aws` supports):
|
||||
|
||||
```json
|
||||
{
|
||||
"Credentials": {
|
||||
"AccessKeyId": "xxxxxxxxxxxxxxx",
|
||||
"SecretAccessKey": "xxxxxxxxxxxxxxxxxxxxxxxxxx",
|
||||
"SessionToken": "xxxxxxxxxxxxxxxxxxxxxxxxxx",
|
||||
"Expiration": "2022-09-13T17:18:44Z"
|
||||
},
|
||||
"AssumedRoleUser": {
|
||||
"AssumedRoleId": "xxxxxxxxxxxxxxxx:<name>",
|
||||
"Arn": "arn:aws:sts::<account>:assumed-role/<role>/<name>"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
See also the [`assume-role`](https://docs.aws.amazon.com/cli/latest/reference/sts/assume-role.html) command's docs
|
Loading…
Reference in a new issue