Work with multiple AWS accounts more easily.
If you currently manage multiple AWS accounts and use role switching to do work in them, this is the tool for you!
- nodejs v0.12 or higher
First, you need to install the tool from NPM:
npm install -g InventiveDesigners/assume-aws-role
Next, you need to add a role that you'd like to assume. As an example, lets say I wanted to add the Administrator role for my sandbox account with MFA required:
assume-aws-role add sandbox \
"arn:aws:iam::123456789012:role/Administrator" \
"arn:aws:iam::109876543210:mfa/jbuck"
Now you can assume that role we just added:
assume-aws-role sandbox 123456
Now you've got a shell with your temporary security credentials in the environment:
(assume-aws-role sandbox)$
You can also add roles without MFA devices:
assume-aws-role add sandbox \
"arn:aws:iam::123456789012:role/Administrator"
You can list all the defined roles with a single command:
assume-aws-role list
You can delete a defined alias with a single command:
assume-aws-role delete <alias>
Any roles you add are stored in ~/.assume-aws-role/config
. It's optional but highly recommended that you use a MFA device.
You can add DurationSeconds
for each AWS profile. If you don't set this value, the default of 3600 will be used.
assume-aws-role
uses the STS:AssumeRole API to assume the role you specified.
After receiving valid credentials assume-aws-role
will spawn the shell specified in $SHELL
with the environment modified to include AWS_ACCESS_KEY_ID
, AWS_SECRET_ACCESS_KEY
, and AWS_SESSION_TOKEN
. The environment also includes an overridden PS1
with a minimal custom prompt, and ASSUME_AWS_ROLE
with the role so you can fully customize the PS1
prompt by yourself.