AWS Security Token Service
Assume a role in each of the other accounts of the organisation
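#!/usr/bin/env bash
#
# Assume a role in every other account of the AWS Organization, run some
# work there with the temporary credentials (currently just
# `aws sts get-caller-identity`), and return to the calling account's
# credentials before moving to the next account.
#
# Requires: aws CLI and jq, plus credentials in the calling account that can
#   call organizations:ListAccounts and sts:AssumeRole on the target role.
# Env (optional overrides of the defaults below):
#   THIS_ACCOUNT - account id the script runs from (skipped, not assumed)
#   ROLE_NAME    - role to assume in each member account
#   SESSION_NAME - RoleSessionName; it appears in the assumed-role ARN and in
#                  CloudTrail, so make it identify the operator or job
#
# The assume-role response carries a SecretAccessKey and SessionToken. It is
# never printed (only the AccessKeyId is shown), and `set -x` stays off so the
# credentials do not end up in logs or terminal scrollback.
set -euo pipefail

readonly thisaccount=${THIS_ACCOUNT:-'123456787654'}
readonly role=${ROLE_NAME:-'OrganizationAdminRole'}
readonly session_name=${SESSION_NAME:-'AssumeSession'}

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Assume $role in one account and run the work in a subshell, so the
# temporary credentials live only for that subshell and the caller's own
# AWS_* variables are never overwritten or unset.
# Globals:   role (read), session_name (read)
# Arguments: $1 - 12-digit account id
# Outputs:   progress to stdout, failures to stderr
# Returns:   0 on success, 1 if assume-role failed
#######################################
assume_and_run() {
  local account=$1
  local temp_role

  printf 'Getting temp creds for account %s via sts assume-role.\n' "$account"
  # A failed assume-role (role absent, trust policy, suspended account) must
  # not abort the loop over the remaining accounts: report it and return.
  # --output json keeps jq working regardless of the user's default format.
  if ! temp_role=$(aws sts assume-role \
      --role-arn "arn:aws:iam::${account}:role/${role}" \
      --role-session-name "$session_name" \
      --output json); then
    printf 'assume-role failed for account %s\n' "$account" >&2
    return 1
  fi

  (
    AWS_ACCESS_KEY_ID=$(jq -r '.Credentials.AccessKeyId' <<<"$temp_role")
    AWS_SECRET_ACCESS_KEY=$(jq -r '.Credentials.SecretAccessKey' <<<"$temp_role")
    AWS_SESSION_TOKEN=$(jq -r '.Credentials.SessionToken' <<<"$temp_role")
    export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
    # Only the key id is shown; the secret and session token are not.
    printf 'temp_role AccessKeyId: %s\n' "$AWS_ACCESS_KEY_ID"

    # Do some interesting stuff in the assumed-role account here
    printf 'sts get id\n'
    aws sts get-caller-identity
    printf 'end of sts get\n'
  )
  # Leaving the subshell restores the calling account's credentials.
}

main() {
  command -v aws >/dev/null || die 'aws CLI not found'
  command -v jq >/dev/null || die 'jq not found'

  # Get all the accounts in the organisation. ListAccounts is paginated, so
  # the CLI's automatic pagination stays on (no --no-paginate); otherwise
  # accounts beyond the first page would be silently skipped.
  local -a accounts
  mapfile -t accounts < <(aws organizations list-accounts --output json \
    | jq -r '.Accounts[].Id')
  (( ${#accounts[@]} > 0 )) || die 'no accounts returned by list-accounts'

  local account
  for account in "${accounts[@]}"; do
    # Skip (not stop at) the account we are already running in.
    if [[ "$account" == "$thisaccount" ]]; then
      continue
    fi
    if ! assume_and_run "$account"; then
      continue   # failure already reported; carry on with the next account
    fi
  done
}

main "$@"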