C3C/nix-configuration
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add command to export assume role creds

Browse Source
This commit is contained in:
Arnie 2025-03-12 13:50:19 +01:00
parent 11b41208a5
commit b71d16c7cf
No known key found for this signature in database
GPG Key ID: 4BDFA3BCF2999D11
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
home-manager/common.nix
View File

@ -113,6 +113,11 @@ in
# use eval $(aws-export-credentials) to expose them to environment
aws-export-credentials = lib.mkDefault "${pkgs.awscli2}/bin/aws configure export-credentials --format env --profile";
aws-export-assume-role = lib.mkDefault "${pkgs.writeShellScript "aws-export-assume-role" ''
[[ -z "$1" || -z "$2" ]] && echo "Usage: aws-export-assume-role <profile> <role-arn>" && exit 1
${pkgs.coreutils}/bin/printf 'export AWS_ACCESS_KEY_ID=%s\nexport AWS_SECRET_ACCESS_KEY=%s\nexport AWS_SESSION_TOKEN=%s' $(${pkgs.awscli2}/bin/aws --profile "$1" sts assume-role --role-arn "$2" --role-session-name lcech --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" --output text)
''}";
aws-s3-cp-public = lib.mkDefault ''
${pkgs.awscli2}/bin/aws s3 cp --acl "public-read" --expires "$(${pkgs.coreutils}/bin/date '+%a, %d %b %Y 00:00:00 GMT' -d "$(${pkgs.coreutils}/bin/date +%Y-%m-%d) + 365 day")" --cache-control "max-age=31536000" --metadata-directive REPLACE
'';