我正在为一台本地机器设置AWS Code Deploy。我遵循本指南,使用STS临时凭据。
我可以成功检索凭据通过:
aws sts assume-role --role-arn arn:aws:iam::<acct#>:role/<role-name> --role-session-name <session-name>
它们以以下格式返回:
{
"Credentials": {
"AccessKeyId": "*****",
"SecretAccessKey": "*****",
"SessionToken": "*****",
"Expiration": "2021-03-05T00:55:32Z"
},
"AssumedRoleUser": {
"AssumedRoleId": "*****",
"Arn": "*****"
}
}
我需要重新格式化成一个AWS凭证文件,看起来像这样:
[default]
aws_access_key_id=*****
aws_secret_access_key=*****
aws_session_token=*****
如何将json对象重新格式化为凭据文件?
您可以使用jq和sed在一行中检索、转换和写入文件。
aws sts assume-role --role-arn arn:aws:iam::<acct#:role/<role-name> --role-session-name <session-name>
| jq '.Credentials'
| jq -c '{aws_access_key_id: .AccessKeyId, aws_secret_access_key: .SecretAccessKey, aws_session_token: .SessionToken}'
| sed -e 's/[{}]//g' -e 's/":"/=/g' -e 's/",/n/g' -e 's/"//g'
> <my-file-path>
您可以使用printf和--query
printf "
[default]
aws_access_key_id = %s
aws_secret_access_key = %s
aws_session_token = %s
x_security_token_expires = %s"
$(aws sts assume-role --role-arn "arn:aws:iam::<acct#>:role/<role-name>"
--role-session-name <session-name>
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken,Expiration]"
--output text) >> ~/.aws/credentials
如果你喜欢awk
aws sts assume-role
--role-arn "arn:aws:iam::<acct#>:role/<role-name>"
--role-session-name <session-name>
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken,Expiration]"
--output text | awk '
BEGIN {print "[default]"}
{ print "aws_access_key_id = " $1 }
{ print "aws_secret_access_key = " $2 }
{ print "aws_session_token = " $3 }
{ print "x_security_token_expires = " $4}' >> ~/.aws/credentials