From 020fc428959df0918eb6d75fc061bf3d1a3f6882 Mon Sep 17 00:00:00 2001
From: x p k <xpk@headdesk.me>
Date: Wed, 29 Mar 2023 14:07:45 +0800
Subject: [PATCH] NEW: python aws assume role

---
 py/aws-assume-role.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 py/aws-assume-role.py

diff --git a/py/aws-assume-role.py b/py/aws-assume-role.py
new file mode 100644
index 0000000..f68d872
--- /dev/null
+++ b/py/aws-assume-role.py
@@ -0,0 +1,15 @@
+import json
+import boto3
+import base64
+
+def lambda_handler(event, context):
+    # TODO implement
+    sts_client = boto3.client('sts')
+    assumed_role_object=sts_client.assume_role(
+        RoleArn="arn:aws:iam::111122223333:role/SomeRole",
+        RoleSessionName="lambda-assumeRoleMs"
+    )
+    print("export AWS_ACCESS_KEY_ID=" + assumed_role_object['Credentials']['AccessKeyId'])
+    print("export AWS_SECRET_ACCESS_KEY=" + assumed_role_object['Credentials']['SecretAccessKey'])
+    print("export AWS_SESSION_TOKEN=" + assumed_role_object['Credentials']['SessionToken'])
+    print("export AWS_DEFAULT_REGION=ap-east-1")