I am using aws toolkit for eclipse 2.0. using the options ( window -> preference -> aws toolkit) I have configured IAM/login user api access key id and secret access key. According to our aws configuration, this IAM user has to assume role to view/access any resources in our environment. I am doing it using aws cli with "–-profile " option. How to do the same thing in aws toolkit for eclipse ?
Asked
Active
Viewed 541 times
3
-
1Did you get to know how to do it ? I want to switch to other account by assuming role ? No way to enter role arn in eclipse aws toolkit – Jennings Mar 06 '20 at 09:09
-
Similar to this question: https://stackoverflow.com/questions/63892896/aws-toolkit-for-eclipse-2-0-iam-role-support – atom88 Sep 15 '20 at 22:08
2 Answers
0
Looks like I figured it out with help from an AWS expert. Basically you do 2 things:
- generate an AWS STS session token
- use the "session token" values in your IDE.
Example: aws sts assume-role --role-arn "value" --role-session-name "value" --duration-seconds "value"
put in the values generated for these in your eclipse IDE AWS profile:
AccessKeyId
SecretAccessKey
SessionToken
You can also use a SAML assertion by using this command on the AWS CLI
aws sts assume-role-with-saml --role-arn "value" --principal-arn "value" --saml-assertion "value"
Note: the max session length is defined by the role you're using.
atom88
- 1,449
- 3
- 22
- 32
-1
In order to switch the account you will need to to add the below to your credentials file:
[regular]
aws_access_key_id = xxxxxxxxxxxxxxxxx
aws_secret_access_key = xxxxxxxxxxxx
[dev]
source_profile = regular
role_arn = arn:aws:iam::123456789123:role/RoleName
Once you do that, using AWS Toolkit, you can select "dev" profile and that's it!
Anael
- 1
-
This does not seem to work for me? Anyone else get this to work? I hae version 2.3.1 of the AWS Tookit for Eclipse Core and AWS lambda plugin v. 1.0.0 installed with Eclipse 2019-06 for windows – atom88 Sep 14 '20 at 22:55