问题描述
我可以通过运行" aws sts承担角色--role-arn arn:aws:iam :: 1234567890:role/RoleName --role-session-name owca "来成功担任该角色.并成功返回凭据.但是我需要将返回值设置为变量,以便稍后可以在脚本中调用它们.
I can successfully assume the role by running "aws sts assume-role --role-arn arn:aws:iam::1234567890:role/RoleName --role-session-name owca" and it returns the credentials successfully. But I need to set the returned values as variables so I can call them later in the script.
{
"Account": "1234567890",
"UserId": "ABC123:i-1234567890abc",
"Arn": "arn:aws:sts::123456:assumed-role/InstanceRole/i-1234567890abc"
}
{
"AssumedRoleUser": {
"AssumedRoleId": "ABC123DEF456:TempRoleName",
"Arn": "arn:aws:sts::1234567890:assumed-role/RoleName/Name"
},
"Credentials": {
"SecretAccessKey": "1234567890asdfghjkl",
"SessionToken": "1234567890qwertyuiopasdfghjklzU=...............",
"Expiration": "2018-10-05T12:12:12Z",
"AccessKeyId": "ASDFGHJKL"
}
推荐答案
在Powershell中使用 jq 非常容易做到这一点.
This is very easy to do in Powershell using jq.
为了进行测试,请从承担角色获取json输出并保存到文件中.在此示例中,为test.json.
For testing, take the json output from assume-role and save to a file. In this example, test.json.
aws sts assume-role --role-arn arn:aws:iam::1234567890:role/RoleName --role-session-name owca > test.json
test.json:
test.json:
{
"AssumedRoleUser": {
"AssumedRoleId": "AROA3XFRBF535PLBIFPI4:s3-access-example",
"Arn": "arn:aws:sts::123456789012:assumed-role/xaccounts3access/s3-access-example"
},
"Credentials": {
"SecretAccessKey": "9drTJvcXLB89EXAMPLELB8923FB892xMFI",
"SessionToken": "AQoXdzELDDY//////////wEaoAK1wvxJY12r2IrDFT2IvAzTCn3zHoZ7YNtpiQLF0MqZye/qwjzP2iEXAMPLEbw/m3hsj8VBTkPORGvr9jM5sgP+w9IZWZnU+LWhmg+a5fDi2oTGUYcdg9uexQ4mtCHIHfi4citgqZTgco40Yqr4lIlo4V2b2Dyauk0eYFNebHtYlFVgAUj+7Indz3LU0aTWk1WKIjHmmMCIoTkyYp/k7kUG7moeEYKSitwQIi6Gjn+nyzM+PtoA3685ixzv0R7i5rjQi0YE0lf1oeie3bDiNHncmzosRM6SFiPzSvp6h/32xQuZsjcypmwsPSDtTPYcs0+YN/8BRi2/IcrxSpnWEXAMPLEXSDFTAQAM6Dl9zR0tXoybnlrZIwMLlMi1Kcgo5OytwU=",
"Expiration": "2016-03-15T00:05:07Z",
"AccessKeyId": "ASIAJEXAMPLEXEG2JICEA"
}
}
Powershell代码使用jq提取每个参数并存储为变量:
Powershell code to extract each parameters and store as variables using jq:
$ak = jq -r ".Credentials.AccessKeyId" test.json
$sk = jq -r ".Credentials.SecretAccessKey" test.json
$tk = jq -r ".Credentials.SessionToken" test.json
Write-Host "Acccess Key ID:" $ak
Write-Host "Secret Acccess Key:" $sk
Write-Host "Session Token:" $tk
纯Powershell:
Pure Powershell:
$j = Get-Content -Raw -Path test.json | ConvertFrom-Json
Write-Host "Acccess Key ID:" $j.Credentials.AccessKeyId
Write-Host "Secret Acccess Key:" $j.Credentials.SecretAccessKey
Write-Host "Session Token:" $j.Credentials.SessionToken
程序输出:
Acccess Key ID: ASIAJEXAMPLEXEG2JICEA
Secret Acccess Key: 9drTJvcXLB89EXAMPLELB8923FB892xMFI
Session Token: AQoXdzELDDY//////////wEaoAK1wvxJY12r2IrDFT2IvAzTCn3zHoZ7YNtpiQLF0MqZye/qwjzP2iEXAMPLEbw/m3hsj8VBTkPORGvr9
jM5sgP+w9IZWZnU+LWhmg+a5fDi2oTGUYcdg9uexQ4mtCHIHfi4citgqZTgco40Yqr4lIlo4V2b2Dyauk0eYFNebHtYlFVgAUj+7Indz3LU0aTWk1WKIjHmm
MCIoTkyYp/k7kUG7moeEYKSitwQIi6Gjn+nyzM+PtoA3685ixzv0R7i5rjQi0YE0lf1oeie3bDiNHncmzosRM6SFiPzSvp6h/32xQuZsjcypmwsPSDtTPYcs
0+YN/8BRi2/IcrxSpnWEXAMPLEXSDFTAQAM6Dl9zR0tXoybnlrZIwMLlMi1Kcgo5OytwU=
这篇关于如何在Powershell中解析假定角色的凭据并将其设置为脚本中的变量?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!