euare-assumerole

Assume a role by using the Amazon Resource Name (ARN) to get temporary security credentials for that role. Then configure those credentials so subsequent actions work using the role's permissions. The command prepends arn:aws:iam:: to the left of the value you give to complete the ARN string.

Syntax

eval `euare-assumerole arn [--as-account account] [-d duration]`

Options

euare-assumerole accepts common options similar to most other euare commands, but note the difference with the -U/--url option in the table below.

| Option | Description | Required |
|---|---|---|
| arn | The ARN of the role you want to assume. The arn:aws:iam:: prefix is itself part of the ARN. For example, when given 123456789012:role/S3Access, the command prepends arn:aws:iam:: to the entry as part of the ARN. | Yes |
| -d duration | The number of seconds for which the retrieved credentials remain valid. Defaults to 900; can be set up to 3600. | No |
| --session-name session | Identifies the session and is used to display your role's credentials. Can be randomly generated if not provided. | No |
| -c | Generates C shell-compatible output. This is the default when the SHELL environment looks like C shell. | No |
| -s | Generates Bourne shell-compatible output. This is the default when the SHELL environment does not look like C shell. | No |
| --policy-content policy | The contents of an IAM policy that further limits what the assumed role can do. This option cannot grant additional permissions beyond what the role already allows. | No |
| --policy-document file | A file containing an IAM policy that further limits what the assumed role can do. This option cannot grant additional permissions beyond what the role already allows. | No |
| --external-id | A unique identifier that third parties can give to their customers to assume roles in their customers' accounts. For more information about external IDs, see the AWS External ID use case scenario. | No |
| --mfa-serial | The identification number of the Multi-Factor Authentication (MFA) device associated with the user who is assuming a role. If used, it must be used in conjunction with --mfa-code. | No |
| --mfa-code | The code provided by the MFA device that allows access to the role that a user is assuming. If used, it must be used in conjunction with --mfa-serial. | No |
| -U, --url | Points to the STS (tokens) service, not the IAM service. The matching environment variable is TOKENS_URL. | No |

Output

Eucalyptus returns the policy.
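
The following wrapper is an added example, not part of the Eucalyptus documentation or of euca2ools. It checks the option constraints from the table (3600-second maximum, paired MFA options, readable policy file) and captures the command's output before evaluating it, so a failed call cannot silently leave the previous credentials in use. The function names and the ASSUMEROLE_CMD override variable are hypothetical, and it assumes the command exits non-zero on failure.

```shell
#!/bin/sh
# Added example: pre-flight checks and a guarded eval for euare-assumerole.
# Only options listed in the table are used. ASSUMEROLE_CMD is a hypothetical
# override hook so the wrapper can be exercised without the real command.

# Validate arguments before any call is made. Sets the (global) variables
# duration, policy, serial and code for use by assume_role.
# Usage: assumerole_check DURATION [POLICY_FILE [MFA_SERIAL [MFA_CODE]]]
assumerole_check() {
    duration=${1:-} policy=${2:-} serial=${3:-} code=${4:-}
    case $duration in
        ''|*[!0-9]*) echo "duration must be whole seconds" >&2; return 1 ;;
    esac
    if [ "$duration" -gt 3600 ]; then
        echo "duration exceeds the 3600-second maximum" >&2; return 1
    fi
    # "s" = serial only, "c" = code only: the two options must be paired.
    case "${serial:+s}${code:+c}" in
        s|c) echo "--mfa-serial and --mfa-code must be used together" >&2
             return 1 ;;
    esac
    if [ -n "$policy" ] && [ ! -r "$policy" ]; then
        echo "policy file not readable: $policy" >&2; return 1
    fi
    return 0
}

# Assume ROLE and load its credentials into the current shell.
# Usage: assume_role ROLE DURATION [POLICY_FILE [MFA_SERIAL [MFA_CODE]]]
# e.g.   assume_role 123456789012:role/S3Access 900 ./s3-readonly.json
assume_role() {
    role=$1; shift
    assumerole_check "$@" || return 1
    # -s forces Bourne shell output, since this wrapper evaluates it in sh.
    set -- "$role" -s -d "$duration"
    if [ -n "$policy" ]; then set -- "$@" --policy-document "$policy"; fi
    if [ -n "$serial" ]; then
        set -- "$@" --mfa-serial "$serial" --mfa-code "$code"
    fi
    # Capture first: evaluating the empty output of a failed call is a no-op,
    # so the old credentials would stay active with no visible error.
    creds=$("${ASSUMEROLE_CMD:-euare-assumerole}" "$@") || {
        echo "assume-role failed; environment unchanged" >&2; return 1
    }
    eval "$creds"
}
```

Source the file into an interactive shell and call assume_role there; running it as a script would set the credentials only in the script's own process.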
