I'm setting up AWS CodeDeploy for an on-premise machine. I'm following this guide and am using STS temporary credentials.

I can successfully retrieve credentials via:

aws sts assume-role --role-arn arn:aws:iam::<acct#>:role/<role-name> --role-session-name <session-name>

They are returned in the following format:

{
    "Credentials": {
        "AccessKeyId": "*****",
        "SecretAccessKey": "*****",
        "SessionToken": "*****",
        "Expiration": "2021-03-05T00:55:32Z"
    },
    "AssumedRoleUser": {
        "AssumedRoleId": "*****",
        "Arn": "*****"
    }
}

I need to reformat into an AWS credentials file that looks like this:

[default]
aws_access_key_id=*****
aws_secret_access_key=*****
aws_session_token=*****

How can I reformat the JSON object into the credentials file?

Derek Soike

2 Answers


You can retrieve, transform, and write to file in one line using jq and sed.

# The first sed expression emits the [default] profile header; the rest turn the JSON pairs into key=value lines.
aws sts assume-role --role-arn arn:aws:iam::<acct#>:role/<role-name> --role-session-name <session-name> \
| jq '.Credentials' \
| jq -c '{aws_access_key_id: .AccessKeyId, aws_secret_access_key: .SecretAccessKey, aws_session_token: .SessionToken}' \
| sed -e 's/{/[default]\n/' -e 's/}//' -e 's/":"/=/g' -e 's/",/\n/g' -e 's/"//g' \
> <my-file-path>

Derek Soike

You can do this using printf and --query:

printf "
[default]
aws_access_key_id = %s
aws_secret_access_key = %s
aws_session_token = %s
x_security_token_expires = %s" \
    $(aws sts assume-role --role-arn "arn:aws:iam::<acct#>:role/<role-name>" \
      --role-session-name <session-name> \
      --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken,Expiration]" \
      --output text) >> ~/.aws/credentials

If you prefer awk:

aws sts assume-role \
--role-arn "arn:aws:iam::<acct#>:role/<role-name>" \
--role-session-name <session-name> \
--query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken,Expiration]" \
--output text | awk '
BEGIN {print "[default]"} 
{ print "aws_access_key_id = " $1 } 
{ print "aws_secret_access_key = " $2 } 
{ print "aws_session_token = " $3 } 
{ print "x_security_token_expires = " $4}' >> ~/.aws/credentials
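
An added example, not part of either answer: a POSIX shell function that takes the tab-separated `--query ... --output text` line used above and writes the credentials file with owner-only permissions, replacing it atomically and refusing to write when a field is missing (for instance when `assume-role` failed). The function name `write_sts_profile` is hypothetical, and it assumes the destination is a dedicated file holding only the `[default]` profile.

```shell
# Added example. Usage:
#   aws sts assume-role --role-arn "arn:aws:iam::<acct#>:role/<role-name>" \
#     --role-session-name <session-name> \
#     --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken,Expiration]" \
#     --output text | write_sts_profile <my-file-path>
# Assumption: DEST is a dedicated credentials file that holds only [default].
write_sts_profile() (
    dest=$1
    tab=$(printf '\t')
    umask 077    # subshell body: the umask change does not leak to the caller

    # read returns non-zero on a missing trailing newline, so ignore its
    # status and validate the fields instead.
    key='' secret='' token='' expires='' extra=''
    IFS="$tab" read -r key secret token expires extra || true
    if [ -z "$key" ] || [ -z "$secret" ] || [ -z "$token" ] ||
       [ -z "$expires" ] || [ -n "$extra" ]; then
        echo "write_sts_profile: expected 4 tab-separated fields" >&2
        return 1
    fi

    # Build the file beside DEST, then rename: readers never see a partial
    # file, and a failed assume-role leaves the previous credentials intact.
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if printf '[default]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\nx_security_token_expires = %s\n' \
            "$key" "$secret" "$token" "$expires" > "$tmp" &&
       chmod 600 "$tmp" && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
)
```

Unlike the `>>` append, each run replaces the file, so repeated refreshes do not stack duplicate `[default]` sections.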