Add --jump flag for intermediate role access #39

@cnuss

In the following case:

  • $(saml-to assume some-role --headless)

Assume that some-role is an intermediate role that can access other roles.

Add a --jump {some-other-role-arn} flag which will further assume the desired role, e.g.:

$(saml-to assume some-role --headless --jump arn:aws:iam::000000000000:role/some-other-role)

Which would:

  • assume some-role using GitHub token
  • assume arn:aws:iam::000000000000:role/some-other-role using some-role token
  • save/output arn:aws:iam::000000000000:role/some-other-role token

Make --jump able to be specified any number of times for additional intermediate roles, e.g.:

$(saml-to assume some-role --headless --jump arn:aws:iam::000000000000:role/some-other-role --jump arn:aws:iam::1111111111111:role/another-role)

Which would:

  • assume some-role using GitHub token
  • assume arn:aws:iam::000000000000:role/some-other-role using some-role token
  • assume arn:aws:iam::1111111111111:role/another-role using arn:aws:iam::000000000000:role/some-other-role token
  • save/output arn:aws:iam::1111111111111:role/another-role token
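
The chaining requested above, as an added example that is not part of the original issue and is not saml-to's code: each hop's credentials sign the next AssumeRole call, only the last hop's credentials are returned, and a failed hop aborts the chain instead of falling back to an intermediate role. The function names, the injected `assumeRole` callback, the trust table and the 12-digit account IDs are all constructed for illustration.

```javascript
// Added example: parseJumps, assumeChain and stubAssumeRole are hypothetical names.
const ROLE_ARN = /^arn:aws:iam::\d{12}:role\/[\w+=,.@\/-]+$/;

// Collect every --jump value in the order given; reject anything that is not a role ARN.
function parseJumps(argv) {
  const jumps = [];
  for (let i = 0; i < argv.length; i++) {
    if (argv[i] !== '--jump') continue;
    const arn = argv[++i];
    if (!arn || !ROLE_ARN.test(arn)) throw new Error(`--jump needs a role ARN, got: ${arn}`);
    jumps.push(arn);
  }
  return jumps;
}

// Walk the chain: credentials from hop N sign the AssumeRole call for hop N+1.
// assumeRole(creds, roleArn) is injected; in a real CLI it would wrap STS AssumeRole.
async function assumeChain(firstCreds, jumps, assumeRole) {
  let creds = firstCreds;
  const path = [];
  for (const roleArn of jumps) {
    try {
      creds = await assumeRole(creds, roleArn);
    } catch (err) {
      // Fail closed: never fall back to emitting an intermediate role's credentials.
      throw new Error(`hop ${path.length + 1} (${roleArn}) failed: ${err.message}`);
    }
    path.push(roleArn);
  }
  return { creds, path }; // only the final hop's credentials are returned
}

// Constructed stub standing in for STS: a hop succeeds only if the caller is trusted.
const TRUST = {
  'arn:aws:iam::000000000000:role/some-other-role': 'some-role',
  'arn:aws:iam::111111111111:role/another-role': 'arn:aws:iam::000000000000:role/some-other-role',
};
async function stubAssumeRole(creds, roleArn) {
  if (TRUST[roleArn] !== creds.role) throw new Error(`${creds.role} is not trusted`);
  return { role: roleArn, token: `token-for-${roleArn}` };
}
```

AWS caps sessions obtained through role chaining at one hour, so credentials produced by any --jump hop cannot be longer-lived than that regardless of the target role's configured maximum.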
