How to assume an AWS IAM role via the CLI
aws iam roles

How to assume an AWS IAM role via the CLI
You need to assume a role from the AWS CLI.
Approach
Assume/Impersonate a role that has rights you desire using aws sts
assume-role
command
aws sts assume-role --role-arn "arn:aws:iam::[Account Id]:role/[Role Name]" --role-session-name [Session Name]
Depending on your workflow, ensure that the AccessKeyId
, SecretAccessKey
, and SessionToken
output from that command are stored where they need to be. Also, ensure that the region is set to the desired target. A simple approach is to create a new section in the credentials file and mark that as the default with the required values.
Example:
[default]
aws_access_key_id = [Access Key]
aws_secret_access_key = [Secret Key]
On completion, a session token will be added to the credentials file:
[default]
aws_access_key_id = [Access Key]
aws_secret_access_key = [Secret Key]
aws_session_token=[Security Token]
⚠️ Assuming a role provides a short-lived token, if you suddenly lose access again, check that the token has not expired. In which case you will need to assume the role again.