How to assume an AWS IAM role via the CLI
You need to assume a role from the AWS CLI.
Assume/Impersonate a role that has rights you desire using
aws sts assume-role --role-arn "arn:aws:iam::[Account Id]:role/[Role Name]" --role-session-name [Session Name]
Depending on your workflow, ensure that the
SessionToken output from that command are stored where they need to be. Also, ensure that the region is set to the desired target. A simple approach is to create a new section in the credentials file and mark that as the default with the required values.
[default] aws_access_key_id = [Access Key] aws_secret_access_key = [Secret Key]
On completion, a session token will be added to the credentials file:
[default] aws_access_key_id = [Access Key] aws_secret_access_key = [Secret Key] aws_session_token=[Security Token]
⚠️ Assuming a role provides a short-lived token, if you suddenly lose access again, check that the token has not expired. In which case you will need to assume the role again.