在 Eclipse 2.0 的 aws 工具包中承担/切换角色

Question

I am using aws toolkit for eclipse 2.0. using the options ( window -> preference -> aws toolkit) I have configured IAM/login user api access key id and secret access key. According to our aws configuration, this IAM user has to assume role to view/access any resources in our environment. I am doing it using aws cli with "–-profile " option. How to do the same thing in aws toolkit for eclipse ?

Answer 1

Looks like I figured it out with help from an AWS expert. Basically you do 2 things:

1. generate an AWS STS session token
2. use the "session token" values in your IDE.

Example: aws sts assume-role --role-arn "value" --role-session-name "value" --duration-seconds "value"

put in the values generated for these in your eclipse IDE AWS profile:

    AccessKeyId
    SecretAccessKey
    SessionToken

You can also use a SAML assertion by using this command on the AWS CLI

aws sts assume-role-with-saml --role-arn "value" --principal-arn "value" --saml-assertion "value" 

Note: the max session length is defined by the role you're using.

Answer 2

In order to switch the account you will need to to add the below to your credentials file:

[regular]
aws_access_key_id = xxxxxxxxxxxxxxxxx
aws_secret_access_key = xxxxxxxxxxxx

[dev]
source_profile = regular
role_arn = arn:aws:iam::123456789123:role/RoleName

Once you do that, using AWS Toolkit, you can select "dev" profile and that's it!