AWS CLI
The AWS CLI has various methods for using an AWS Token on a system, whether on a Developer System or in CI/CD (such as GitHub Actions).
Using Environment Variables
In an Interactive Terminal (e.g. Developer Laptop)
Add the --headless flag to the saml-to assume command in a subshell $(...)
$(saml-to assume the-role-name --headless)
aws sts get-caller-identity # (optional, shows the identity that is now assumed)
aws ec2 describe-instances # (or whatever AWS CLI command desired)
In GitHub Actions
In the Workflow YAML, provide the Repository Secret (automatically generated, using ${{ secrets.GITHUB_TOKEN }}) and the Assume AWS Role Action
steps:
  - uses: saml-to/assume-aws-role-action@v1
    with:
      role: arn:aws:iam::123456789012:role/admin
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  - run: aws sts get-caller-identity # (optional, shows the identity that is now assumed)
  - run: aws ec2 describe-instances # (or whatever AWS CLI command desired)
Using Profiles
In an Interactive Terminal (e.g. Developer Laptop)
Add the --save flag to the saml-to assume command
saml-to assume the-role-name --save
aws sts get-caller-identity --profile the-role-name
aws ec2 describe-instances --profile the-role-name
In GitHub Actions
Add the profile: option to the Assume AWS Role Action
steps:
  - uses: saml-to/assume-aws-role-action@v1
    with:
      role: arn:aws:iam::123456789012:role/admin
      profile: the-profile-name
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  - run: aws sts get-caller-identity # (optional, shows the identity that is now assumed)
  - run: aws ec2 describe-instances # (or whatever AWS CLI command desired)
Named Profiles
Named Profiles are useful if you need to access multiple AWS accounts or Roles in the same session.
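The optional aws sts get-caller-identity step shown above can be turned into a guard that stops a script or workflow when the session is not the intended role. This is an added example, not part of saml-to or its Action; the function names role_matches and assert_assumed_role are hypothetical, and it assumes the standard aws partition.

```shell
#!/bin/sh
# Added example: fail closed unless the caller identity is a session of the intended role.

# role_matches ROLE_ARN CALLER_ARN
# Returns 0 when CALLER_ARN (the Arn field of `aws sts get-caller-identity`) is an
# assumed-role session of ROLE_ARN, 1 on mismatch, 2 when ROLE_ARN is malformed.
role_matches() {
  role_arn=$1
  caller_arn=$2

  case $role_arn in
    arn:aws:iam::*:role/*) ;;
    *) return 2 ;;
  esac

  # Role ARN layout: arn:aws:iam::<account>:role/<optional/path/><name>
  rest=${role_arn#arn:aws:iam::}
  account=${rest%%:*}
  role_name=${role_arn##*/}   # an assumed-role ARN omits the role path

  case $account in
    ''|*[!0-9]*) return 2 ;;
  esac
  [ -n "$role_name" ] || return 2

  # The trailing slash stops "admin" from matching a role named "admin-ro".
  prefix="arn:aws:sts::${account}:assumed-role/${role_name}/"
  session=${caller_arn#"$prefix"}
  [ "$session" != "$caller_arn" ] || return 1   # prefix did not match
  case $session in
    ''|*/*) return 1 ;;                         # need exactly one session name
  esac
  return 0
}

# assert_assumed_role ROLE_ARN [extra aws arguments]
# e.g. assert_assumed_role arn:aws:iam::123456789012:role/admin --profile the-role-name
assert_assumed_role() {
  expected=$1; shift
  actual=$(aws sts get-caller-identity --query Arn --output text "$@") || return 1
  role_matches "$expected" "$actual" || {
    echo "unexpected identity: $actual (wanted a session of $expected)" >&2
    return 1
  }
}
```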