NEW: packer files and minor update to aws-assume-role.py
@@ -0,0 +1,39 @@
|
|||||||
|
# Packer file which query for the latest RHEL9 AMI and print it
|
||||||
|
|
||||||
|
packer {
|
||||||
|
required_plugins {
|
||||||
|
amazon = {
|
||||||
|
source = "github.com/hashicorp/amazon"
|
||||||
|
version = "~> 1"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "aws_region" {
|
||||||
|
type = string
|
||||||
|
default = "${env("AWS_REGION")}"
|
||||||
|
}
|
||||||
|
|
||||||
|
data "amazon-ami" "rhel" {
|
||||||
|
filters = {
|
||||||
|
name = "RHEL-9.*HVM_GA*x86_64*GP3"
|
||||||
|
root-device-type = "ebs"
|
||||||
|
virtualization-type = "hvm"
|
||||||
|
}
|
||||||
|
most_recent = true
|
||||||
|
owners = ["amazon"]
|
||||||
|
region = "${var.aws_region}"
|
||||||
|
}
|
||||||
|
|
||||||
|
source "null" "local" {
|
||||||
|
communicator = "none"
|
||||||
|
}
|
||||||
|
|
||||||
|
build {
|
||||||
|
name = "query"
|
||||||
|
sources = ["null.local"]
|
||||||
|
|
||||||
|
provisioner "shell-local" {
|
||||||
|
inline = ["echo ${data.amazon-ami.rhel.id} ${data.amazon-ami.rhel.name}"]
|
||||||
|
}
|
||||||
|
}
|
||||||
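Review bot: The `owners = ["amazon"]` line in the `amazon-ami` data source is the only thing tying this lookup to a trusted publisher, and nothing in the file says so. The `name` filter is a wildcard and `most_recent = true` returns the newest match, so a comment such as `# owners pins the publisher; do not widen or remove it, the name pattern alone can be matched by any account's AMI` would protect it from a later "fix". It is also worth confirming that RHEL images in the target region are really published under that alias rather than under the vendor's own account. Separately, `default = "${env("AWS_REGION")}"` evaluates to an empty string when the variable is unset, so a `validation` block on `aws_region` would fail with a clearer message than the data source will.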
Regular → Executable
+18
-10
@@ -1,16 +1,24 @@
|
|||||||
from typing import NoReturn
|
#!/usr/bin/env python3.13
|
||||||
import json
|
from botocore.exceptions import ClientError
|
||||||
import boto3
|
import boto3
|
||||||
import base64
|
import sys
|
||||||
|
|
||||||
def lambda_handler(event, context) -> NoReturn:
|
def main() -> None:
|
||||||
# TODO implement
|
# TODO implement
|
||||||
sts_client = boto3.client('sts')
|
sts_client = boto3.client('sts')
|
||||||
|
try:
|
||||||
assumed_role_object = sts_client.assume_role(
|
assumed_role_object = sts_client.assume_role(
|
||||||
RoleArn="arn:aws:iam::111122223333:role/SomeRole",
|
RoleArn="arn:aws:iam::" + sys.argv[1] + ":role/" + sys.argv[2],
|
||||||
RoleSessionName="lambda-assumeRoleMs"
|
RoleSessionName=sys.argv[2]
|
||||||
)
|
)
|
||||||
print("export AWS_ACCESS_KEY_ID=" + assumed_role_object['Credentials']['AccessKeyId'])
|
print(f'''
|
||||||
print("export AWS_SECRET_ACCESS_KEY=" + assumed_role_object['Credentials']['SecretAccessKey'])
|
export AWS_ACCESS_KEY_ID={assumed_role_object['Credentials']['AccessKeyId']}
|
||||||
print("export AWS_SESSION_TOKEN=" + assumed_role_object['Credentials']['SessionToken'])
|
export AWS_SECRET_ACCESS_KEY{assumed_role_object['Credentials']['SecretAccessKey']}
|
||||||
print("export AWS_DEFAULT_REGION=ap-east-1")
|
export AWS_SESSION_TOKEN={assumed_role_object['Credentials']['SessionToken']}
|
||||||
|
export AWS_DEFAULT_REGION=ap-east-1")
|
||||||
|
''')
|
||||||
|
except ClientError as e:
|
||||||
|
print(e)
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
main()
|
||||||
|
|||||||
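Review bot: The new f-string in `main()` emits a broken line for the secret key, because `export AWS_SECRET_ACCESS_KEY{...}` has lost its `=`. The `AWS_DEFAULT_REGION` line also still carries the `")` left over from the old `print(...)` call, so the region value ends in literal `")`. The `except ClientError` branch prints the error to stdout and the script still exits 0; if the output is consumed with `eval` or `source`, as the `export` lines suggest, the error text would be handed to the shell. It should go to stderr with a non-zero exit. `sys.argv[1]` and `sys.argv[2]` are also used without a length or format check, and a role name containing a path (`/`) would not be a valid `RoleSessionName`. Indentation in the sketch below is assumed, since the page does not preserve it.

```python
# … unchanged: imports, sts_client, and the assume_role call inside try …
        print(f'''
export AWS_ACCESS_KEY_ID={assumed_role_object['Credentials']['AccessKeyId']}
export AWS_SECRET_ACCESS_KEY={assumed_role_object['Credentials']['SecretAccessKey']}
export AWS_SESSION_TOKEN={assumed_role_object['Credentials']['SessionToken']}
export AWS_DEFAULT_REGION=ap-east-1
''')
    except ClientError as e:
        # stdout carries the export lines; keep diagnostics off it
        print(e, file=sys.stderr)
        sys.exit(1)
```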