How to Assume a different AWS IAM role using AWS Cloud Shell

#aws #sts #cloudshell

1.Wanted to know through which user you have logged in aws console through cloud shell - Run the below command

aws sts get-caller-identity

Output

[cloudshell-user@ip-10-***-**-*** ~]$ aws sts get-caller-identity
{
    "UserId": "ABCDEFGHIJKLMNOP:info.cloudteachable@gmail.com",
    "Account": "***********",
    "Arn": "arn:aws:sts::*******:assumed-role/info.cloudteachable@gmail.com"
}

2.Wanted to switch to a different IAM Role through the AWS Console

Get the IAM Role for which you wanted to switch
- IAM Role name= arn:aws:iam::AWS_Account_No:role/RoleS3Sync
Run the below command to assume role

 aws sts assume-role --role-arn "arn:aws:iam::AWS_Account_No:role/RoleS3Sync" --role-session-name AWSCLI-Session

Note: Replace AWS_Account_No with your AWS Account number

3.Then copy AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY & AWS_SESSION_TOKEN from the step2 output then to the variables

export AWS_ACCESS_KEY_ID= Output of step2 -AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY=Output of step2 -AWS_SECRET_ACCESS_KEY
export AWS_SESSION_TOKEN=Output of step2 -AWS_SESSION_TOKEN

4.Copy the above 3 export variables then paste it in cloud shell and run it.

5.Now the command - aws sts get-caller-identity
You will see the switch role being used.

Conclusion : How to assume different IAM Role through AWS Cloud shell
💬 If you enjoyed reading this blog post and found it informative, please take a moment to share your thoughts by leaving a review and liking it 😀 and follow me in dev.to , linkedin

Bring your solution into Docusign. Reach over 1.6M customers.

Docusign is now extensible. Overcome challenges with disconnected products and inaccessible data by bringing your solutions into Docusign and publishing to 1.6M customers in the App Center.

Learn more