Differences

This shows you the differences between two versions of the page.

--- aws:sts [26/02/2024 10:03] – created - external edit 127.0.0.1
+++ aws:sts [07/01/2026 11:59] (current) – [Assume role in other accounts in organisation] andrew
@@ Line 1: / Line 1: @@
 ====== AWS Security Token Service ======
+Who am I??
+Deep philosophy the AWS way, use sts get-caller-identity:-
+<code>
+$ aws sts get-caller-identity --color on
+{
+    "UserId": "AERRTT%ESSXXXXPZZZZZP:User1234",
+    "Account": "987667892345",
+    "Arn": "arn:aws:sts::987667892345:assumed-role/AWSReservedSSO_PLATFORM-Administrator_d4a391q2z49ade26/User1234"
+}
+</code>
 ===== Assume role in other accounts in organisation =====
@@ Line 22: / Line 34: @@
                 --role-session-name "${session_name}" \n"
-        temp_role=$(aws sts assume-role \
+        assumed_role=$(aws sts assume-role \
         --role-arn arn:aws:iam::"${account}":role/"${role}" \
         --role-session-name "${session_name}")
         -
-        printf "temp_role result:- \n\n"
+        printf "assumed_role result:- \n\n"
-        printf "${temp_role} \n"
+        printf "${assumed_role} \n"
-        export AWS_ACCESS_KEY_ID=$(echo $temp_role | jq -r .Credentials.AccessKeyId)
+        export AWS_ACCESS_KEY_ID=$(echo $assumed_role | jq -r .Credentials.AccessKeyId)
-        export AWS_SECRET_ACCESS_KEY=$(echo $temp_role | jq -r .Credentials.SecretAccessKey)
+        export AWS_SECRET_ACCESS_KEY=$(echo $assumed_role | jq -r .Credentials.SecretAccessKey)
-        export AWS_SESSION_TOKEN=$(echo $temp_role | jq -r .Credentials.SessionToken)
+        export AWS_SESSION_TOKEN=$(echo $assumed_role | jq -r .Credentials.SessionToken)
-        # Do some interesting stuff in the assumes role account here
+        # Do some interesting stuff in the assumed role account here
         printf "sts get id \n"
         aws sts get-caller-identity