UNPKG

@enfo/aws-assume

Version:

Utility package for assuming into AWS roles in build pipelines

github.com/enfogroup/aws-assume-role

enfogroup/aws-assume-role

40 lines (27 loc) 1.3 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
# Introduction When building using for example Bitbucket Pipelines you might find yourself in a situation where you want to deploy to multiple AWS accounts. This package allows you to easily switch to an AWS role in a different account. ## Installation ```bash npm install @enfo/aws-assume --save-dev ``` ## Usage Let us say you have two accounts: A and B. In your build pipelines you have AWS keys configured for deployments to account A. If you want to deploy to B you need to setup a role that the deploying account A role can assume. Then you can set it up as follows: ```json { "scripts": { "assume:test": "npx @enfo/aws-assume ACCOUNT_B_ARN_HERE" } ... } ``` The package will print variables on the format "export AWS_ACCESS_KEY_ID=ASIA..." so in your build pipelines you have to run eval on the output. The silent flag suppresses npm script output which would otherwise ruin the command. ```bash eval $(npm run assume:test --silent) ``` ## Configuration It takes two parameters - role ARN and session duration. * The role ARN is mandatory and if one is not supplied an error will be thrown * The duration is in seconds and optional, the default value is 900 seconds (15 minutes). Example: ```bash npx @enfo/aws-assume arn:aws:iam::111122223333:role/Some-Fancy-Role 1800 ```