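# Assume an IAM role with MFA through AWS Tools for PowerShell, then expose the
# temporary credentials as environment variables and as a named profile.
#
# Replace the account_id / username placeholders below before use.

$source_profile = "default"   # profile whose keys sign the AssumeRole request
$region = "ap-southeast-2"
$mfa_serial = "arn:aws:iam::account_id:mfa/username"
$role_arn = "arn:aws:iam::account_id:role/role-test"
$target_profile = "test"
$target_profile_path = "$HOME\.aws\credentials"
# The session name is recorded with the assumed-role identity in CloudTrail;
# a per-user value makes later attribution easier than a shared "test".
$session_name = "test"

# Get token code. Read-Host appends its own ':' to the prompt text, so the
# prompt string carries none.
$token_code = Read-Host -Prompt 'Enter MFA token'
$token_code = "$token_code".Trim()
if ($token_code -notmatch '^\d{6}$') {
    # Reject malformed input locally instead of spending an STS call on it.
    throw "MFA token must be exactly 6 digits."
}

# Assume Role. -ErrorAction Stop plus try/catch stops the script on failure;
# otherwise the lines below would run with an empty $Response and clear the
# AWS_* variables or attempt to write an empty profile.
try {
    $Response = (Use-STSRole -Region $region -RoleArn $role_arn -RoleSessionName $session_name -ProfileName $source_profile -SerialNumber $mfa_serial -TokenCode $token_code -ErrorAction Stop).Credentials
}
catch {
    throw "AssumeRole failed for ${role_arn}: $($_.Exception.Message)"
}
if (-not $Response) {
    throw "AssumeRole returned no credentials for ${role_arn}."
}

# Export credentials as environment variables.
# These are inherited by every child process started from this session.
$env:AWS_ACCESS_KEY_ID = $Response.AccessKeyId
$env:AWS_SECRET_ACCESS_KEY = $Response.SecretAccessKey
$env:AWS_SESSION_TOKEN = $Response.SessionToken

# Create profile with credentials.
# The secret key and session token are stored in plaintext at
# $target_profile_path; keep that file readable by the current user only.
Set-AWSCredential -StoreAs $target_profile -ProfileLocation $target_profile_path -AccessKey $Response.AccessKeyId -SecretKey $Response.SecretAccessKey -SessionToken $Response.SessionToken

# Print expiration time; after it the exported variables and the stored
# profile no longer authenticate and the script has to be run again.
Write-Host ("Credentials will expire at: " + $Response.Expiration)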