Srinivasulu Paranduru for AWS Community Builders

How to Assume a different AWS IAM role using AWS Cloud Shell

1. To find out which identity you are logged in as in AWS CloudShell, run the command below:

aws sts get-caller-identity

Output

[cloudshell-user@ip-10-***-**-*** ~]$ aws sts get-caller-identity
{
    "UserId": "ABCDEFGHIJKLMNOP:info.cloudteachable@gmail.com",
    "Account": "***********",
    "Arn": "arn:aws:sts::*******:assumed-role/info.cloudteachable@gmail.com"
}

2. To switch to a different IAM role from CloudShell in the AWS Console:

  • Get the ARN of the IAM role you want to switch to
    • IAM role ARN = arn:aws:iam::AWS_Account_No:role/RoleS3Sync
  • Run the command below to assume the role
 aws sts assume-role --role-arn "arn:aws:iam::AWS_Account_No:role/RoleS3Sync" --role-session-name AWSCLI-Session


Note: Replace AWS_Account_No with your AWS Account number

3. Copy the AccessKeyId, SecretAccessKey and SessionToken values from the Credentials block of the step 2 output into the environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN:

# Replace each placeholder with the matching value from the step 2 output
export AWS_ACCESS_KEY_ID="<AccessKeyId from step 2>"
export AWS_SECRET_ACCESS_KEY="<SecretAccessKey from step 2>"
export AWS_SESSION_TOKEN="<SessionToken from step 2>"


4. Copy the three export commands above, paste them into CloudShell and run them.

5. Now run aws sts get-caller-identity again.
The output shows the role you switched to being used.
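
Steps 2 to 5 can be wrapped in shell functions so the secret values are never copied by hand or left in the terminal scrollback. This is an added example, not code from the original post; the function names load_role_creds, assume_role and drop_role are hypothetical, and the role ARN is whatever you pass in.

```shell
# Added example (not from the original post): steps 2-5 as shell functions.
# Function names are hypothetical; the AWS CLI flags are standard.

# Export one tab-separated "AccessKeyId SecretAccessKey SessionToken" line.
# Kept separate from the AWS call so the parsing can be checked offline.
load_role_creds() {
    local tab key secret token
    tab=$(printf '\t')
    IFS="$tab" read -r key secret token <<EOF
$1
EOF
    # Refuse partial output rather than exporting half a credential set.
    if [ -z "$key" ] || [ -z "$secret" ] || [ -z "$token" ]; then
        echo "load_role_creds: expected 3 tab-separated fields" >&2
        return 1
    fi
    # Temporary STS credentials have access key IDs that start with ASIA.
    case "$key" in
        ASIA*) ;;
        *) echo "load_role_creds: not a temporary access key" >&2; return 1 ;;
    esac
    export AWS_ACCESS_KEY_ID="$key"
    export AWS_SECRET_ACCESS_KEY="$secret"
    export AWS_SESSION_TOKEN="$token"
}

# Usage: assume_role <role-arn> [session-name]
assume_role() {
    local out
    # The subshell drops any previously exported role credentials, so the
    # call is made as the original CloudShell identity, not a chained role.
    out=$(unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
          aws sts assume-role --role-arn "$1" \
              --role-session-name "${2:-AWSCLI-Session}" \
              --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
              --output text) || return 1
    load_role_creds "$out" && aws sts get-caller-identity
}

# Return to the original CloudShell identity.
drop_role() {
    unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
}
```

After sourcing the file, call assume_role "arn:aws:iam::AWS_Account_No:role/RoleS3Sync"; drop_role undoes step 4 and returns the shell to the identity shown in step 1.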

Conclusion: This post showed how to assume a different IAM role through AWS CloudShell.