
AWS SSO login to credentials as environment variables


Given that logging in with aws login sso is successful.

Successully logged into Start URL: *****

From here I want to start my service that requires the following environment variables with AWS credentials to be set:

How can I extract those variables into the current shell?

A workaround which I am currently using:

I found a possible workaround that works for me: I noticed that after I log in and run aws sts get-caller-identity, it creates files in the ~/.aws directory, from where they can be parsed with a script like:

#!/usr/bin/env bash

set -e

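# The cache directory can hold several JSON files; reading them all at once
# would yield multi-line values, so use only the most recently written one.
CACHE_FILE=$(ls -t ~/.aws/cli/cache/*.json | head -n 1)

AWS_ACCESS_KEY_ID=$(jq --raw-output '.Credentials.AccessKeyId' "$CACHE_FILE")
AWS_SECRET_ACCESS_KEY=$(jq --raw-output '.Credentials.SecretAccessKey' "$CACHE_FILE")
AWS_SESSION_TOKEN=$(jq --raw-output '.Credentials.SessionToken' "$CACHE_FILE")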

>&2 echo "✨ you need to eval output of this script in your current window:"
>&2 echo '    eval $('$0')'
>&2 echo ""
echo "export AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}"
echo "export AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}"
echo "export AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN}"

After evaluating the output of this script with eval $(./parse-aws-cache.sh) the environment variables are set, and I can start my service consuming AWS credentials.

It works for me for today, but I have some doubts about this solution:

Ideally, I would expect an answer which either:


Solution

  • This can now be done using built-in functionality of the AWS CLI.

    Simply run eval "$(aws configure export-credentials --profile your-profile-name --format env)" and you should be good to go.
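An added example, not part of the original answer and not AWS's own code: a small wrapper that hands the exported credentials to a single child process instead of eval-ing them into the interactive shell, and refuses any line that is not one of the expected variables. It assumes the CLI prints plain KEY=value lines (optionally prefixed with "export ", as with --format env); run_with_creds, the sample values and ./my-service are hypothetical names.

```shell
#!/bin/sh
# Added example. Assumption: input is KEY=value lines as printed by
# --format env (with "export ") or --format env-no-export.

# run_with_creds CREDS_TEXT CMD [ARGS...]
# The body runs in a subshell "( ... )", so no secret stays in the caller.
run_with_creds() (
    [ "$#" -ge 2 ] || { echo "usage: run_with_creds CREDS CMD..." >&2; exit 2; }
    key_id='' secret='' token='' expiry=''
    while IFS= read -r line; do
        line=${line#"export "}
        case $line in
            '') ;;
            AWS_ACCESS_KEY_ID=*)         key_id=${line#*=} ;;
            AWS_SECRET_ACCESS_KEY=*)     secret=${line#*=} ;;
            AWS_SESSION_TOKEN=*)         token=${line#*=} ;;
            AWS_CREDENTIAL_EXPIRATION=*) expiry=${line#*=} ;;
            # Do not print the line itself: it may contain secret material.
            *) echo "refusing unexpected line in credential output" >&2; exit 1 ;;
        esac
    done <<EOF
$1
EOF
    [ -n "$key_id" ] && [ -n "$secret" ] || { echo "incomplete credentials" >&2; exit 1; }
    shift
    # Values are passed as literal arguments to env; nothing is eval-ed.
    exec env AWS_ACCESS_KEY_ID="$key_id" AWS_SECRET_ACCESS_KEY="$secret" \
        ${token:+"AWS_SESSION_TOKEN=$token"} \
        ${expiry:+"AWS_CREDENTIAL_EXPIRATION=$expiry"} "$@"
)

# Constructed sample standing in for the CLI output (not real credentials).
SAMPLE_OUTPUT='export AWS_ACCESS_KEY_ID=EXAMPLEKEYID
export AWS_SECRET_ACCESS_KEY=constructed/secret+value
export AWS_SESSION_TOKEN=constructed//token==
export AWS_CREDENTIAL_EXPIRATION=2030-01-01T00:00:00+00:00'

run_with_creds "$SAMPLE_OUTPUT" sh -c 'echo "child sees key id: $AWS_ACCESS_KEY_ID"'

# Real use, with the answer's profile placeholder:
#   run_with_creds "$(aws configure export-credentials \
#       --profile your-profile-name --format env-no-export)" ./my-service
```

Because the credentials exist only in the child's environment, they disappear when the service exits and are not inherited by other commands started from the same terminal.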