-
Notifications
You must be signed in to change notification settings - Fork 0
/
console_url.sh
executable file
·74 lines (55 loc) · 1.63 KB
/
console_url.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
#!/bin/sh
#
# ----------------------------------
#
# assume-role and setup signinToken/url
# to access AWS console
#
ROLE_ARN=$1
SESSION_NAME=yaast-cli
__usage() {
echo >&2 "usage: $0 <role_arn>"
exit 1
}
__assume(){
out=$1
aws sts assume-role \
--output json \
--role-arn "$ROLE_ARN" \
--role-session-name "$SESSION_NAME" \
> $out
}
# if some flag ?
__export_to_sh(){
infile=$1
export AWS_ACCESS_KEY_ID=$(echo $infile | jq -r '.Credentials''.AccessKeyId')
export AWS_SECRET_ACCESS_KEY=$(echo $infile | jq -r '.Credentials''.SecretAccessKey')
export AWS_SESSION_TOKEN=$(echo $infile | jq -r '.Credentials''.SessionToken')
}
__fetch_signin_token(){
infile=$1
REQ_SESS_ENCODED=$(jq -r '{ "sessionId" : .Credentials.AccessKeyId,
"sessionKey": .Credentials.SecretAccessKey,
"sessionToken": .Credentials.SessionToken} | @uri' \
< $infile)
GET_SIGNIN_TOKEN_URL="https://signin.aws.amazon.com/federation?Action=getSigninToken&Session=${REQ_SESS_ENCODED}"
SIGNIN_TOKEN=$(curl --silent ${GET_SIGNIN_TOKEN_URL} | jq -r '.SigninToken')
CONSOLE=$(jq -nr --arg v "https://console.aws.amazon.com/" '$v|@uri')
echo "https://signin.aws.amazon.com/federation?Action=login&Destination=${CONSOLE}&SigninToken=${SIGNIN_TOKEN}"
}
# ---------------------------------------------------------
#
### M A I N
#
# ---------------------------------------------------------
[ -z "$ROLE_ARN" ] && __usage
TMP_CREDS_FILE=$(mktemp /tmp/Yaast_Credentials_XXXXXXX.json)
__assume $TMP_CREDS_FILE
if [ $? -gt 0 ]
then
echo " ⌧ "
__usage
fi
URL=$(__fetch_signin_token $TMP_CREDS_FILE)
echo "$URL"
# __export_to_sh $TMP_CREDS_FILE