A really simple program to assume an IAM Role (by calling AssumeRole) and saving the resulting credentials back to your local credential file (~/.aws/credentials by default).
% cargo build
% assume-role --help
assume-role 0.1.0
Adam Batkin <[email protected]>
USAGE:
assume-role --role <role> --session-name <session-name>
OPTIONS:
--dest-file <dest-file>
Credential file to save new credentials to [env: AWS_SHARED_CREDENTIALS_FILE=]
--dest-profile <dest-profile> Profile to save new credentials [default: default]
--duration <duration>
Lifetime in seconds for temporary credentials (AWS default is 3600 = 1 hour)
--external-id <external-id> External ID to pass to assume-role
-f, --file <file> Credential file to load credentials from when calling assume-role
-h, --help Prints help information
--mfa <mfa> MFA token code
--mfa-serial-number <mfa-serial-number> MFA device serial number
--policy <policy>... ARN(s) of IAM managed policies to use as managed session policies
--policy-json <policy-json> Inline session policy JSON
-p, --profile <profile> AWS Profile to use when calling assume-role
--proxy <proxy> Proxy URL
--region <region>
AWS Region for STS endpoint [env: AWS_DEFAULT_REGION=] [default: us-east-1]
-r, --role <role> ARN of role ot assume
-s, --session-name <session-name> Session name to pass to assume-role
-V, --version Prints version information
Realistically, you need to pass --role, --session-name and you probably want --dest-profile (and possibly --profile or set AWS_PROFILE).