953 B
953 B
| title | tags | link | emoji | |
|---|---|---|---|---|
| Get credentials for an assumed role |
|
https://aws.amazon.com/premiumsupport/knowledge-center/iam-assume-role-cli/ | 🔑 |
It's often useful to get regular access keys as if you were assumed into another role. This is possible:
aws sts assume-role --role-arn arn:aws:iam::<account>:role/<role> --role-session-name <name>
This produces JSON output (it's the most readable of the 3 aws supports):
{
"Credentials": {
"AccessKeyId": "xxxxxxxxxxxxxxx",
"SecretAccessKey": "xxxxxxxxxxxxxxxxxxxxxxxxxx",
"SessionToken": "xxxxxxxxxxxxxxxxxxxxxxxxxx",
"Expiration": "2022-09-13T17:18:44Z"
},
"AssumedRoleUser": {
"AssumedRoleId": "xxxxxxxxxxxxxxxx:<name>",
"Arn": "arn:aws:sts::<account>:assumed-role/<role>/<name>"
}
}
See also the assume-role command's docs