Initial commit

aws/scripts/configure/create-role-profile.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Parse parameters
+while [[ "$#" -gt 0 ]]; do case $1 in
+  --user-profile) USER_PROFILE="$2"; shift;;
+  --role-profile) ROLE_PROFILE="$2"; shift;;
+  --role-arn) ROLE_ARN="$2"; shift;;
+  --session) SESSION="$2";shift;;
+  --region) REGION="$2";shift;;
+  *) echo "Unknown parameter passed: $1"; exit 1;;
+esac; shift; done
+
+# Verify parameters
+if [ -z "$USER_PROFILE" ]; then echo "User profile name is not set."; exit 1; fi;
+if [ -z "$ROLE_PROFILE" ]; then echo "Role profile name is not set."; exit 1; fi;
+if [ -z "$ROLE_ARN" ]; then echo "Role ARN is not set"; exit 1; fi;
+if [ -z "$SESSION" ]; then echo "Session name is not set."; exit 1; fi;
+if [ -z "$REGION" ]; then echo "Region is not set."; exit 1; fi;
+
+creds=$(aws sts assume-role --role-arn $ROLE_ARN --role-session-name $SESSION --profile $USER_PROFILE)
+
+aws_access_key_id=$(echo $creds | jq -r '.Credentials.AccessKeyId')
+echo ::add-mask::$aws_access_key_id
+aws_secret_access_key=$(echo $creds | jq -r '.Credentials.SecretAccessKey')
+echo ::add-mask::$aws_secret_access_key
+aws_session_token=$(echo $creds | jq -r '.Credentials.SessionToken')
+echo ::add-mask::$aws_session_token
+
+aws configure --profile $ROLE_PROFILE set aws_access_key_id $aws_access_key_id
+aws configure --profile $ROLE_PROFILE set aws_secret_access_key $aws_secret_access_key
+aws configure --profile $ROLE_PROFILE set aws_session_token $aws_session_token
+aws configure --profile $ROLE_PROFILE set region $REGION
+
+echo Profile $ROLE_PROFILE is created
+
+bash "${BASH_SOURCE%/*}/mask-identity.sh" --profile $ROLE_PROFILE

aws/scripts/configure/create-user-profile.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# Parse parameters
+while [[ "$#" -gt 0 ]]; do case $1 in
+  --profile) PROFILE="$2"; shift;;
+  --access-key-id) ACCESS_KEY_ID="$2"; shift;;
+  --secret-access-key) SECRET_ACCESS_KEY="$2"; shift;;
+  --region) REGION="$2";shift;;
+  *) echo "Unknown parameter passed: $1"; exit 1;;
+esac; shift; done
+
+# Verify parameters
+if [ -z "$PROFILE" ]; then echo "Profile name is not set."; exit 1; fi;
+echo $PROFILE
+if [ -z "$ACCESS_KEY_ID" ]; then echo "Access key ID is not set"; exit 1; fi;
+if [ -z "$SECRET_ACCESS_KEY" ]; then echo "Secret access key is not set."; exit 1; fi;
+if [ -z "$REGION" ]; then echo "Region is not set."; exit 1; fi;
+
+aws configure --profile $PROFILE set aws_access_key_id $ACCESS_KEY_ID
+aws configure --profile $PROFILE set aws_secret_access_key $SECRET_ACCESS_KEY
+aws configure --profile $PROFILE set region $REGION
+
+echo Profile $PROFILE is created
+
+bash "${BASH_SOURCE%/*}/mask-identity.sh" --profile $PROFILE

aws/scripts/configure/mask-identity.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Parse parameters
+while [[ "$#" -gt 0 ]]; do case $1 in
+  --profile) PROFILE="$2";shift;;
+  *) echo "Unknown parameter passed: $1"; exit 1;;
+esac; shift; done
+
+# Verify parameters
+if [ -z "$PROFILE" ]; then echo "Profile name is not set."; exit 1; fi;
+
+aws_identity=$(aws sts get-caller-identity --profile $PROFILE)
+echo ::add-mask::$(echo $aws_identity | jq -r '.Account')
+echo ::add-mask::$(echo $aws_identity | jq -r '.UserId')
+echo ::add-mask::$(echo $aws_identity | jq -r '.Arn')
+
+echo Credentials are masked