diff --git a/README.md b/README.md index 236af8d..6726287 100644 --- a/README.md +++ b/README.md @@ -87,10 +87,22 @@ export AWS_ACCESS_KEY_ID="ASIAI....UOCA" export AWS_SECRET_ACCESS_KEY="DuH...G1d" export AWS_SESSION_TOKEN="AQ...1BQ==" export AWS_SECURITY_TOKEN="AQ...1BQ==" +export ASSUMED_ROLE="prod" # Run this to configure your shell: # eval $(assume-role prod) ``` +Or windows: +```cmd +$env:AWS_ACCESS_KEY_ID="ASIAI....UOCA" +$env:AWS_SECRET_ACCESS_KEY="DuH...G1d" +$env:AWS_SESSION_TOKEN="AQ...1BQ==" +$env:AWS_SECURITY_TOKEN="AQ...1BQ==" +$env:ASSUMED_ROLE="prod" +# Run this to configure your shell: +# assume-role.exe prod | Invoke-Expression +``` + ## TODO * [ ] Cache credentials. diff --git a/main.go b/main.go index d7d7754..d5dd34a 100644 --- a/main.go +++ b/main.go @@ -17,6 +17,7 @@ import ( "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/sts" "gopkg.in/yaml.v2" + "runtime" ) var configFilePath = fmt.Sprintf("%s/.aws/roles", os.Getenv("HOME")) @@ -78,7 +79,11 @@ func main() { } if len(args) == 0 { - printCredentials(role, creds) + if runtime.GOOS == "windows" { + printWindowsCredentials(role, creds) + } else { + printCredentials(role, creds) + } return } @@ -120,6 +125,18 @@ func printCredentials(role string, creds *credentials.Value) { fmt.Printf("# eval $(%s)\n", strings.Join(os.Args, " ")) } +// printWindowsCredentials prints the credentials in a way that can easily be sourced +// with Windows powershell using Invoke-Expression. +func printWindowsCredentials(role string, creds *credentials.Value) { + fmt.Printf("$env:AWS_ACCESS_KEY_ID=\"%s\"\n", creds.AccessKeyID) + fmt.Printf("$env:AWS_SECRET_ACCESS_KEY=\"%s\"\n", creds.SecretAccessKey) + fmt.Printf("$env:AWS_SESSION_TOKEN=\"%s\"\n", creds.SessionToken) + fmt.Printf("$env:AWS_SECURITY_TOKEN=\"%s\"\n", creds.SessionToken) + fmt.Printf("$env:ASSUMED_ROLE=\"%s\"\n", role) + fmt.Printf("# Run this to configure your shell:\n") + fmt.Printf("# %s | Invoke-Expression \n", strings.Join(os.Args, " ")) +} + // assumeProfile assumes the named profile which must exist in ~/.aws/config // (https://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html) and returns the temporary STS // credentials.