How to assume an AWS IAM role via the CLI
aws iam roles

Photo by engin akyurt on Unsplash
How to assume an AWS IAM role via the CLI
You need to assume a role from the AWS CLI.
Approach
Assume/Impersonate a role that has rights you desire using aws sts
assume-role
command
aws sts assume-role --role-arn "arn:aws:iam::[Account Id]:role/[Role Name]" --role-session-name [Session Name]
Depending on your workflow, ensure that the AccessKeyId
, SecretAccessKey
, and SessionToken
output from that command are stored where they need to be. Also, ensure that the region is set to the desired target. A simple approach is to create a new section in the credentials file and mark that as the default with the required values.
Example:
[default]
aws_access_key_id = [Access Key]
aws_secret_access_key = [Secret Key]
On completion, a session token will be added to the credentials file:
[default]
aws_access_key_id = [Access Key]
aws_secret_access_key = [Secret Key]
aws_session_token=[Security Token]
⚠️ Assuming a role provides a short-lived token, if you suddenly lose access again, check that the token has not expired. In which case you will need to assume the role again.