Enhancement IAM assumed role session duration error handling by @jfa…
…goagas

 Enhancement IAM assumed role session duration error handling by @jfagoagas
toniblyx authored Nov 15, 2021
2 parents 3e78f01 + 563cd71 commit d272fad
Showing 2 changed files with 12 additions and 2 deletions.
13 changes: 11 additions & 2 deletions include/assume_role
Expand Up @@ -21,6 +21,9 @@ assume_role(){
# In some cases you will need more than 1h.
if [[ -z $SESSION_DURATION_TO_ASSUME ]]; then
SESSION_DURATION_TO_ASSUME="3600"
elif [[ "${SESSION_DURATION_TO_ASSUME}" -gt "43200" ]] || [[ "${SESSION_DURATION_TO_ASSUME}" -lt "900" ]]; then
echo "$OPTRED ERROR!$OPTNORMAL - Role session duration must be more than 900 seconds and less than 4300 seconds"
exit 1
fi

# temporary file where to store credentials
Expand Down Expand Up @@ -49,7 +52,10 @@ assume_role(){
fi
if [[ $(grep AccessDenied $TEMP_STS_ASSUMED_FILE) ]]; then
textFail "Access Denied assuming role $PROWLER_ROLE"
rm -f $TEMP_STS_ASSUMED_FILE
EXITCODE=1
exit $EXITCODE
elif [[ "$(grep MaxSessionDuration $TEMP_STS_ASSUMED_FILE)" ]]; then
textFail "The requested DurationSeconds exceeds the MaxSessionDuration set for the role ${PROWLER_ROLE}"
EXITCODE=1
exit $EXITCODE
fi
Expand Down Expand Up @@ -78,6 +84,9 @@ assume_role(){
export AWS_SECRET_ACCESS_KEY=$(cat $TEMP_STS_ASSUMED_FILE | jq -r '.Credentials.SecretAccessKey')
export AWS_SESSION_TOKEN=$(cat $TEMP_STS_ASSUMED_FILE | jq -r '.Credentials.SessionToken')
export AWS_SESSION_EXPIRATION=$(cat $TEMP_STS_ASSUMED_FILE | jq -r '.Credentials.Expiration | sub("\\+00:00";"Z") | fromdateiso8601')
rm -fr $TEMP_STS_ASSUMED_FILE
cleanSTSAssumeFile
}

cleanSTSAssumeFile() {
rm -fr "${TEMP_STS_ASSUMED_FILE}"
}
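Review bot: The error text in the first hunk gives the upper limit as 4300 seconds while the test next to it uses 43200, and it says "more than 900 ... less than" although 900 and 43200 themselves are accepted; the message should match the check, e.g. `echo "$OPTRED ERROR!$OPTNORMAL - Role session duration must be between 900 and 43200 seconds" >&2`. The `-gt`/`-lt` operators inside `[[ ]]` evaluate their operands arithmetically, so a value that is not a plain integer is not reliably rejected by this range test. An explicit `[[ ! "${SESSION_DURATION_TO_ASSUME}" =~ ^[0-9]+$ ]]` condition ahead of it would make the validation strict before the value reaches the STS call. assume_role starts before this hunk and continues after it.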
1 change: 1 addition & 0 deletions include/credentials_report
Expand Up @@ -43,6 +43,7 @@ cleanTemp(){
if [[ $KEEPCREDREPORT -ne 1 ]]; then
rm -fr $TEMP_REPORT_FILE
fi
cleanSTSAssumeFile
}

# Delete the temporary report file if we get interrupted/terminated
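Review bot: Removal of the STS response file now depends entirely on cleanTemp being run, yet the comment after this function still describes only the report file and only the interrupted/terminated case. The commit drops `rm -f $TEMP_STS_ASSUMED_FILE` from the AccessDenied branch in include/assume_role, and both failure branches there call `exit` directly, so unless the trap (outside this hunk) also covers EXIT the file stays on disk on those paths. That is worth confirming and stating in the comment, e.g. `# Delete the temporary report and STS response files on exit or if we get interrupted/terminated`. cleanSTSAssumeFile is defined in include/assume_role, so cleanTemp presumably relies on that file being sourced first; cleanTemp's opening line is outside the hunk.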