forked from mludvig/aws-utils
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathget-instance-credentials
executable file
·41 lines (35 loc) · 1.14 KB
/
get-instance-credentials
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
#!/usr/bin/env python
# By Michael Ludvig <[email protected]> (c) 2015
# License: GPLv3
# Fetch EC2 Role credentials from instance meta-data
# and print as bash-compatible export statements.
#
# Usage:
#
# 1. On EC2 instance:
# $ ./get-instance-credentials
# Copy the export statements to clipboard
#
# 2. On your laptop:
# Past the export statements to a shell
# aws sts get-credentials
# aws ...
# s3cmd ...
import json
try:
from urllib2 import urlopen
except ImportError:
from urllib.request import urlopen
# Figure out the Role name
response = urlopen('http://169.254.169.254/latest/meta-data/iam/security-credentials/')
role_name = response.read()
if isinstance(role_name, bytes):
role_name = role_name.decode('utf-8')
# Fetch the credentials
response = urlopen('http://169.254.169.254/latest/meta-data/iam/security-credentials/%s' % role_name)
cred_json = response.read()
# Format and print as bash exports
creds = json.loads(cred_json)
print('export AWS_ACCESS_KEY_ID="%s"' % creds["AccessKeyId"])
print('export AWS_SECRET_ACCESS_KEY="%s"' % creds["SecretAccessKey"])
print('export AWS_SESSION_TOKEN="%s"' % creds["Token"])