assume role mit aws cli

title: “assume role mit aws cli”
date: 2023-05-10T08:13:41
slug: assume-role-mit-aws-cli

Die Role die man anziehen will: arn:aws:iam::224945782113:role/SystemsSquad

aws sts assume-role --role-arn arn:aws:iam::224945782113:role/SystemsSquad --role-session-name tasanger-test

Output:

{
"Credentials": {
"AccessKeyId": "ASIATIX6QHVQ6M4KNHHD",
"SecretAccessKey": "Gg6aYXn1Z0MGUmdewe/niVAy/Y6m6uI8pGZEkSbD",
"SessionToken": "IQoJb3JpZ2luX2VjEHAaDGV1LWNlbnRyYWwtMSJHMEUCIGHsS/akNvXCeB4474tbe1zzvPkxVV33HNyyR9RS8bbPAiEAyj/g8Y4UprtqsTllv1xMK+aikB75CFiNFzWzUxExT5YqowIIif//////////ARADGgwyMjQ5NDU3ODIxMTMiDMQW2hW9h8TCzhzwbCr3ASMdjECSqBaBtDW/kk4RAMM3EC9EExhMa1KlP5+gk5Xh3si7J3shISRp95sMQM8m3xX3R6k1n/84V7LS4HtcnHlPa3piJp6vVL5mPFkGeT9k3hr66ueP1j8olD5khiZRAaMZP36FVk9/cgFXl00jPjIRTl0ZMj0VlFJHNCur8cwSH7y0Xs6cNhPFHBCu0rBQJHCOElphkDiQqaBMwNHTPUXnXL7YgFGnAaf7AwkyjAuQRrJ3/yruuJe2bb8XBlwYuL097m08IRdCcnJ5V3uNxfiGO2pJaizXKWcnAZJSg1gCtXZkTWpgd264rm+tOOQPj0MWyhWDIWQwuqPtogY6nQHZwRbTptHIsl/SnGWfRd+P0sBsyr2noRx//9S/UwrXNUh2wqzG2hX9LuPr9kXhj+pQRcWN8wSkWQAeCSOUUi8pD9gtfmbCNQopkZhly89IDBXq19UYFVCMRlKjC+yHcQBM6mpH++aNuRI5630EyzKFOYR6FNJ5OCiNrXHx2DAbfkXTIDObZa656j8wHLQJ4I2+ugUubgCkPbbALJfX",
"Expiration": "2023-05-10T09:11:38+00:00"
},
"AssumedRoleUser": {
"AssumedRoleId": "AROATIX6QHVQXONL4U6E2:tasanger-test",
"Arn": "arn:aws:sts::224945782113:assumed-role/SystemsSquad/tasanger-test"
}
}

In ~/.aws/credentials eintragen:

[tasanger-test]
aws\_access\_key\_id=ASIATIX6QHVQ6M4KNHHD
aws\_secret\_access\_key=Gg6aYXn1Z0MGUmdewe/niVAy/Y6m6uI8pGZEkSbD
aws\_session\_token=IQoJb3JpZ2luX2VjEHAaDGV1LWNlbnRyYWwtMSJHMEUCIGHsS/akNvXCeB4474tbe1zzvPkxVV33HNyyR9RS8bbPAiEAyj/g8Y4UprtqsTllv1xMK+aikB75CFiNFzWzUxExT5YqowIIif//////////ARADGgwyMjQ5NDU3ODIxMTMiDMQW2hW9h8TCzhzwbCr3ASMdjECSqBaBtDW/kk4RAMM3EC9EExhMa1KlP5+gk5Xh3si7J3shISRp95sMQM8m3xX3R6k1n/84V7LS4HtcnHlPa3piJp6vVL5mPFkGeT9k3hr66ueP1j8olD5khiZRAaMZP36FVk9/cgFXl00jPjIRTl0ZMj0VlFJHNCur8cwSH7y0Xs6cNhPFHBCu0rBQJHCOElphkDiQqaBMwNHTPUXnXL7YgFGnAaf7AwkyjAuQRrJ3/yruuJe2bb8XBlwYuL097m08IRdCcnJ5V3uNxfiGO2pJaizXKWcnAZJSg1gCtXZkTWpgd264rm+tOOQPj0MWyhWDIWQwuqPtogY6nQHZwRbTptHIsl/SnGWfRd+P0sBsyr2noRx//9S/UwrXNUh2wqzG2hX9LuPr9kXhj+pQRcWN8wSkWQAeCSOUUi8pD9gtfmbCNQopkZhly89IDBXq19UYFVCMRlKjC+yHcQBM6mpH++aNuRI5630EyzKFOYR6FNJ5OCiNrXHx2DAbfkXTIDObZa656j8wHLQJ4I2+ugUubgCkPbbALJfX
aws\_expiration=2023-05-10T17:05:00.000Z

Temporäres Profil in ~/.aws/config anlegen:

[profile tasanger-test]
region=eu-central-1

aws cli mit temporären Profil aufrufen:

aws --profile tasanger-test cloudwatch list-metrics --namespace AWS/WAFV2
Print Friendly, PDF & Email