Building DevSecOps solutions using AWS, Terraform and Kubernetes

How to assume role from CLI

  • 17th June 2022

The Scenario

We would like to assume roles via the CLI in AWS.

Role Details

First, connect your CLI to an account that has permission to assume the role.

Now enter the ARN of the role that you would like to assume:

Assume Role Command

...

Confirm it worked

Now to confirm it worked as expected, run:

aws sts get-caller-identity

You should now see the ARN of the assumed role.
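As an added example (not the author's command), one way to script the steps above is to call the standard `aws sts assume-role`, export the temporary credentials it returns, and check the ARN from `aws sts get-caller-identity` against the role. The function names and the default session name are assumptions made here.

```sh
# Added example, not from the original post. Source this file, then run:
#   assume_role <role-arn> [session-name]
# Function names and the default session name are placeholders chosen here.

# Export the three values printed by `aws sts assume-role ... --output text`
# (AccessKeyId, SecretAccessKey, SessionToken on one whitespace-separated line).
load_role_credentials() {
    read -r _key _secret _token <<EOF
$1
EOF
    if [ -z "$_key" ] || [ -z "$_secret" ] || [ -z "$_token" ]; then
        echo "expected access key, secret key and session token" >&2
        return 1
    fi
    export AWS_ACCESS_KEY_ID="$_key" AWS_SECRET_ACCESS_KEY="$_secret" AWS_SESSION_TOKEN="$_token"
    unset _key _secret _token
}

# True when the caller ARN is an assumed-role session of the given role.
#   role:   arn:<partition>:iam::<account>:role/<optional/path/>name
#   caller: arn:<partition>:sts::<account>:assumed-role/name/<session>
caller_matches_role() {
    _partition=$(printf '%s' "$1" | cut -d: -f2)
    _account=$(printf '%s' "$1" | cut -d: -f5)
    _name=${1##*/}   # the role path is not part of an assumed-role ARN
    case "$2" in
        "arn:${_partition}:sts::${_account}:assumed-role/${_name}/"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Assume the role, switch this shell to its temporary credentials, then verify.
assume_role() {
    _creds=$(aws sts assume-role --role-arn "$1" \
        --role-session-name "${2:-cli-session}" \
        --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
        --output text) || return 1
    load_role_credentials "$_creds" || return 1
    unset _creds
    _caller=$(aws sts get-caller-identity --query Arn --output text) || return 1
    if ! caller_matches_role "$1" "$_caller"; then
        echo "caller is $_caller, not a session of $1" >&2
        return 1
    fi
    echo "Now running as $_caller"
}
```

The exported credentials are temporary and apply only to the current shell; unset the three `AWS_*` variables to return to your original identity.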

Debugging Failures

If there are any issues, make sure that you have permission to assume this role.

For example, you may need to add a statement to the role's trust relationship to give your CLI user access:

// ...

{
    "Effect": "Allow",
    "Principal": {
        "AWS": "arn:aws:iam::1234567890:user/demo-user-arn-please-replace-me"
    },
    "Action": "sts:AssumeRole"
}

// ...

Summary

That's it! This command will fetch the access keys and configure them for you.

You can now run commands under this role.

Rhuaridh
