wojtek-oledzki · August 7, 2018 23:15
diff --git a/Makefile-ansible-aws b/Makefile-ansible-aws
 SOURCE_PROFILE ?= default
 PROFILE ?= my-profile-with-role
 ASSUME_ROLE ?= arn:aws:iam::123498765678:role/my_admin_role

 ## Assumes role and udpates ~/.aws/credentials
 # Example: make assume_role
 assume_role:
 	@aws sts assume-role \
 		--profile $(SOURCE_PROFILE) \
 		--output text \
 		--role-arn $(ASSUME_ROLE) \
 		--role-session-name $(PROFILE)-assumed \
 	| tail -1 \
 	| awk 'BEGIN{ cmd="aws --profile=$(PROFILE) configure set " } { \
 		print cmd "aws_access_key_id " $$2 "\n" \
 			cmd "aws_secret_access_key " $$4 "\n" \
 			cmd "aws_session_token " $$5 }' \
 	| xargs -0 /bin/bash -c
 	@sed -ibak -n '/aws_security_token/!p' ~/.aws/credentials
 	@awk '{ if ("aws_session_token"==$$1) print $$0 "\naws_security_token = " $$3; else print $$0; }' ~/.aws/credentials > ~/.aws/credentials.tmp
 	@mv ~/.aws/credentials.tmp ~/.aws/credentials
	SOURCE_PROFILE ?= default
	PROFILE ?= my-profile-with-role
	ASSUME_ROLE ?= arn:aws:iam::123498765678:role/my_admin_role

	## Assumes role and udpates ~/.aws/credentials
	# Example: make assume_role
	assume_role:
	@aws sts assume-role \
	--profile $(SOURCE_PROFILE) \
	--output text \
	--role-arn $(ASSUME_ROLE) \
	--role-session-name $(PROFILE)-assumed \
	\| tail -1 \
	\| awk 'BEGIN{ cmd="aws --profile=$(PROFILE) configure set " } { \
	print cmd "aws_access_key_id " $$2 "\n" \
	cmd "aws_secret_access_key " $$4 "\n" \
	cmd "aws_session_token " $$5 }' \
	\| xargs -0 /bin/bash -c
	@sed -ibak -n '/aws_security_token/!p' ~/.aws/credentials
	@awk '{ if ("aws_session_token"==$$1) print $$0 "\naws_security_token = " $$3; else print $$0; }' ~/.aws/credentials > ~/.aws/credentials.tmp
	@mv ~/.aws/credentials.tmp ~/.aws/credentials