When working with Terraform, you often need to assume the permissions of a specific account.
To assume a role from the command line, we use a custom script.
For the assume call to work, the ID account's access key and secret access key must be present in ~/.aws/credentials.
First, save the script below to a specific path. (/path/to/folder)
#!/bin/bash

REGION="ap-northeast-2"  # Set default region
AWS_OPS=""
declare -r TRUE=0
declare -r FALSE=1
ASSUME_ROLE_ARN=""

# Please set the variables below.
# Need to change the role's ARN properly.
PRD_ASSUME_ROLE_ARN=""  # Production IAM Role ARN that a user can assume

# Please change to your e-mail.
SESSION_NAME="admin@dayone.com"  # Username

usage() {
    echo "usage: terraform_setup.sh
    --profile AWS profile name
    --setup   setup temporary AWS key pair
    --clean   clean up environment variables"
}

is_jq_installed() {
    if ! type jq > /dev/null 2>&1; then
        echo "You don't have 'jq' installed, please install it first"
        exit 1
    fi
}

setup() {
    # Refuse to call STS when no role was selected (e.g. --setup without -p)
    if [ -z "$ASSUME_ROLE_ARN" ]; then
        usage
        exit 1
    fi

    # $AWS_OPS stays unquoted so "--profile NAME" splits into two arguments
    raw_output=$(aws sts $AWS_OPS \
        assume-role --role-arn "$ASSUME_ROLE_ARN" \
        --role-session-name "$SESSION_NAME") || exit 1

    # jq prints each value as a JSON string, so the quotes end up in the export lines
    aws_key_id=$(echo "$raw_output" | jq .Credentials.AccessKeyId)
    aws_secret_key=$(echo "$raw_output" | jq .Credentials.SecretAccessKey)
    session_token=$(echo "$raw_output" | jq .Credentials.SessionToken)

    echo "export AWS_ACCESS_KEY_ID=$aws_key_id"
    echo "export AWS_SECRET_ACCESS_KEY=$aws_secret_key"
    echo "export AWS_SESSION_TOKEN=$session_token"
}

clean() {
    export outputvar="unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN"
    echo "unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN"
    eval "$outputvar"
}

while [ "$1" != "" ]; do
    case $1 in
        "--profile")
            shift
            AWS_OPS="--profile $1"
            ;;
        "--setup")
            # You can add option if you add another account
            while [ "$2" != "" ]; do
                case $2 in
                    "-p")
                        ASSUME_ROLE_ARN=${PRD_ASSUME_ROLE_ARN}
                        ;;
                    * )
                        usage
                        exit 1
                        ;;
                esac
                shift
            done
            is_jq_installed
            setup
            exit 0
            ;;
        "--clean")
            clean
            exit 0
            ;;
        * )
            usage
            exit 1
            ;;
    esac
    shift
done
Run the command shown below from that path, and the required information is saved to the clipboard.
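The following is an added example, not the author's script and not the command the sentence above refers to. It performs the same assume-role step without jq by using the AWS CLI's `--query` and `--output text` options, checks that all three credential fields came back, and shell-quotes each value so the export lines can be passed to `eval` in the current shell. The function names and the sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Relies on the AWS CLI's global --query and --output options.

TAB=$(printf '\t')

# Wrap a value in single quotes, rewriting each embedded ' as '\''
# so that eval treats the whole value as literal text.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Turn one line "AccessKeyId<TAB>SecretAccessKey<TAB>SessionToken"
# into export statements. Fails unless exactly three fields are present.
creds_to_exports() {
    IFS="$TAB" read -r c_key c_secret c_token c_extra <<EOF
$1
EOF
    if [ -z "$c_key" ] || [ -z "$c_secret" ] || [ -z "$c_token" ] || [ -n "$c_extra" ]; then
        echo "unexpected credential output from sts assume-role" >&2
        return 1
    fi
    printf 'export AWS_ACCESS_KEY_ID=%s\n' "$(sh_quote "$c_key")"
    printf 'export AWS_SECRET_ACCESS_KEY=%s\n' "$(sh_quote "$c_secret")"
    printf 'export AWS_SESSION_TOKEN=%s\n' "$(sh_quote "$c_token")"
}

# Call STS and print the exports.
# Intended use: eval "$(assume_exports <role-arn> <session-name>)"
assume_exports() {
    a_line=$(aws sts assume-role \
        --role-arn "$1" \
        --role-session-name "$2" \
        --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
        --output text) || return 1
    creds_to_exports "$a_line"
}

# Constructed sample line with fake values, for exercising the parser offline.
SAMPLE_LINE="ASIAEXAMPLEKEYID${TAB}fakeSecret/with+chars${TAB}fake'Token\$(id)=="
```

Because the exports are evaluated in the calling shell, the temporary credentials stay in that session's environment until they are unset or the session ends.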