If you need to simply get some credentials to access a customer AWS via CLI, this is the right place.
Makefile
Create a Makefile
with the contents:
export GOOGLE_IDP_ID?=C01501d06
export GOOGLE_SP_ID?=192607830114
export AWS_ACCOUNT_ID=632000501203
export AWS_ROLE=DNX_NEON
GOOGLE_AUTH_IMAGE=dnxsolutions/aws-google-auth:latest
AWS_IMAGE=dnxsolutions/aws:1.18.44-dnx2
assume:
@EXPORT=yes docker run -it --rm --env-file=.env.auth -e AWS_ACCOUNT_ID -e AWS_ROLE -e EXPORT -v $(PWD):/work --entrypoint "" $(AWS_IMAGE) assume-role.sh
google-auth: env-GOOGLE_IDP_ID env-GOOGLE_SP_ID
echo > .env.auth
docker run -it --rm -e GOOGLE_IDP_ID -e GOOGLE_SP_ID -v $(PWD)/.env.auth:/work/.env $(GOOGLE_AUTH_IMAGE)
Then run make google-auth
once every 12 hrs.
And make assume
to get credentials for 1 hour. Copy the output and paste on your shell.
To test, type: aws sts get-caller-identity
one-cli
Create a one.yaml
file with the contents:
required_version: ">= 0.6.2"
plugins:
dnx-assume:
source: https://github.com/DNXLabs/plugin-dnx-assume/archive/0.0.1.tar.gz
parameters:
aws-account-id: 632000501203
aws-role: DNX_NEON
Then run one auth gsuite
once every 12 hrs.
And one dnx-assume
to get credentials for 1 hour. Copy the credentials at ~/.one/secrets
and paste on your shell.
To test, type: one aws sts get-caller-identity