How do I assume a role


I am using the CLI to try to retrieve a value from Secrets Manager. My IAM user doesn't have access to retrieve secrets but it does have access to assume a role (deploy_role) that does have access. I'm unsure of how to set up the credentials profile to auth into that IAM user as well as assume the role. My credentials file looks like this:

[default]
aws_access_key_id=[my iam user's access key]
aws_secret_access_key=[my iam user's secret access key]
region=us-east-1

Is there a way to set up credentials to auth as that IAM user as well as assume the role (deploy_role)? Or do I need to somehow do it after it is authed with a separate command? I would like to not have a second command because when I get into the .NET SDK, I don't want to check in code that lists the specific role info.

Thank you! Cindy

1 Answer

Something like this:

# Request temporary credentials for the role and capture the output in a variable
credentials=$(aws sts assume-role \
   --role-arn <ROLE_ARN> \
   --role-session-name <ROLE_NAME> \
   --duration-seconds 3600 \
   --output text \
   --query "Credentials.[SessionToken,SecretAccessKey,AccessKeyId,Expiration]")

# Unquoted $credentials collapses the tab-separated fields to single spaces for cut
export AWS_SESSION_TOKEN=$(echo $credentials | cut -f1 -d' ')
export AWS_SECRET_ACCESS_KEY=$(echo $credentials | cut -f2 -d' ')
export AWS_ACCESS_KEY_ID=$(echo $credentials | cut -f3 -d' ')
export AWS_SESSION_EXPIRATION=$(echo $credentials | cut -f4 -d' ')

If you are on an EC2 instance you can assign a role to the instance. See: IAM roles for Amazon EC2

AWS
answered a year ago
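
The profile-based setup the question asks about, as an added example that is not part of the original answer: the AWS CLI can call sts:AssumeRole itself when a named profile carries `role_arn` and `source_profile`. The profile name `deploy` is an assumption and `123456789012` is a placeholder account ID; `deploy_role` and `us-east-1` come from the question.

```ini
# ~/.aws/credentials
# Long-term keys of the IAM user; this file stays as it is in the question.
[default]
aws_access_key_id = <IAM user's access key>
aws_secret_access_key = <IAM user's secret access key>

# ~/.aws/config
[default]
region = us-east-1

# Hypothetical profile name "deploy"; replace the placeholder account ID.
# source_profile names the profile whose keys sign the AssumeRole call.
# The CLI caches the temporary credentials and refreshes them on expiry.
[profile deploy]
role_arn = arn:aws:iam::123456789012:role/deploy_role
source_profile = default
region = us-east-1
```

With this in place, `aws secretsmanager get-secret-value --secret-id <SECRET_ID> --profile deploy` runs as the role, and setting the `AWS_PROFILE` environment variable to `deploy` selects the profile without putting the role ARN in checked-in code.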
