aws-assume-role-with-webidentity

command module
v0.0.0-...-599cbe0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 12, 2024 License: MIT Imports: 10 Imported by: 0

README

AWS Assume Role with Web Identity Token in Go

This repository contains a Go script that demonstrates how to assume an AWS role using a Web Identity Token. The script reads necessary environment variables, assumes the role via AWS STS (Security Token Service), and securely handles sensitive information such as Access Key ID, Secret Access Key, and Session Token.

Features

  • Environment Variable Configuration: Reads AWS configuration from environment variables, including AWS_REGION, AWS_ROLE_ARN, and AWS_WEB_IDENTITY_TOKEN_FILE.
  • Assume Role with Web Identity: Uses AWS STS to assume an IAM role with a Web Identity Token.
  • Credential Redaction: By default, the script redacts the Access Key ID, Secret Access Key, and Session Token to avoid exposing sensitive information.
  • Optional Plain Text Output: Use the --no-redact flag to print the credentials in plain text if needed.
  • Error Handling: Comprehensive error handling ensures clear feedback when environment variables are missing or when the AWS API call fails.

Usage

  1. Set Environment Variables:
  • AWS_REGION or AWS_DEFAULT_REGION
  • AWS_ROLE_ARN
  • AWS_WEB_IDENTITY_TOKEN_FILE
  1. Run the Script:
go run main.go

By default, the script will output redacted credentials.

  1. Optional Plain Text Output:
go run main.go --no-redact

Use the --no-redact flag to output the credentials in plain text.

Prerequisites

  • Go 1.16 or later
  • AWS SDK for Go v2

Installation

Install the required dependencies:

go get -u github.com/aws/aws-sdk-go-v2/aws
go get -u github.com/aws/aws-sdk-go-v2/config
go get -u github.com/aws/aws-sdk-go-v2/service/sts

Download and run pre-compiled binary

curl -s -L -O https://github.com/marceloalmeida/aws-assume-role-with-webidentity/releases/download/1.0.0/aws-assume-role-with-webidentity-1.0.0-linux-amd64.tar.gz
tar -zxvf aws-assume-role-with-webidentity-1.0.0-linux-amd64.tar.gz
chmod a+x aws-assume-role-with-webidentity-1.0.0-linux-amd64
./aws-assume-role-with-webidentity-1.0.0-linux-amd64

License

This project is licensed under the MIT License.

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.