assume-cloudformation-role

Assume CloudFormation Write Role

A skill to obtain the necessary credentials for AWS CloudFormation stack operations (create, delete, update) and set them as environment variables.

Purpose

Before CloudFormation operations, assume the specified role to obtain temporary credentials and set them as environment variables that can be used by AWS CLI.

Input Parameters

  • profile: AWS CLI profile name (default: <profile-name>)
  • role_arn: IAM role ARN to assume (default: arn:aws:iam::<AWS_ACCOUNT_ID>:role/<RoleName>)
  • role_session_name: Session name (default: cfn-write)

Execution Steps

  1. Use AWS STS to assume the role and obtain credentials
  2. Save credentials to a temporary file
  3. Parse credentials using jq and set as environment variables
  4. Clean up the temporary file

Command Example

```bash
# Assume role and obtain credentials
aws sts assume-role \
  --role-arn arn:aws:iam::<AWS_ACCOUNT_ID>:role/<RoleName> \
  --role-session-name cfn-write \
  --profile <profile-name> \
  > /tmp/creds.json

# Set environment variables
export AWS_ACCESS_KEY_ID=$(jq -r '.Credentials.AccessKeyId' /tmp/creds.json)
export AWS_SECRET_ACCESS_KEY=$(jq -r '.Credentials.SecretAccessKey' /tmp/creds.json)
export AWS_SESSION_TOKEN=$(jq -r '.Credentials.SessionToken' /tmp/creds.json)

# Remove temporary file
rm /tmp/creds.json
```
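
A hardened form of the same four steps, as an added example that is not part of the original skill: the fixed path /tmp/creds.json becomes a mktemp file with owner-only permissions, and a subshell trap removes it even when aws or jq fails or the run is interrupted. The function name assume_cfn_role and its argument order are assumptions; source the file so the exports reach the calling shell.

```bash
# Added example (hypothetical helper, not the skill's own code).
# Usage: assume_cfn_role <role_arn> [role_session_name] <profile>
assume_cfn_role() {
    _cfn_role_arn=$1
    _cfn_session=${2:-cfn-write}      # the skill's default session name
    _cfn_profile=$3

    # The subshell owns the temp file. Its traps delete the file on every
    # exit path, so the credentials never outlive this call on disk.
    _cfn_creds=$(
        umask 077                     # owner-only for anything created here
        tmp=$(mktemp "${TMPDIR:-/tmp}/cfn-creds.XXXXXX") || exit 1
        trap 'rm -f "$tmp"' EXIT
        trap 'exit 1' HUP INT TERM    # turn signals into a normal exit
        aws sts assume-role \
            --role-arn "$_cfn_role_arn" \
            --role-session-name "$_cfn_session" \
            --profile "$_cfn_profile" > "$tmp" || exit 1
        for key in AccessKeyId SecretAccessKey SessionToken; do
            val=$(jq -r ".Credentials.$key" "$tmp") || exit 1
            # jq -r prints the string "null" when the key is missing
            [ -n "$val" ] && [ "$val" != null ] || exit 1
            printf '%s\n' "$val"
        done
    ) || {
        echo "assume_cfn_role: no credentials for $_cfn_role_arn" >&2
        unset _cfn_creds
        return 1                      # existing AWS_* variables are untouched
    }

    # One value per line, read in the current shell so the variables persist.
    {
        read -r AWS_ACCESS_KEY_ID
        read -r AWS_SECRET_ACCESS_KEY
        read -r AWS_SESSION_TOKEN
    } <<EOF
$_cfn_creds
EOF
    unset _cfn_creds
    export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
}
```

Because the function returns non-zero without exporting anything when STS or jq fails, a caller can chain it with `&&` before any CloudFormation command.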

Output

Environment variables are set, making CloudFormation operations available via AWS CLI:
  • AWS_ACCESS_KEY_ID
  • AWS_SECRET_ACCESS_KEY
  • AWS_SESSION_TOKEN

Usage Examples

After executing this skill, the following CloudFormation commands become available:

```bash
# Create stack
aws cloudformation create-stack --stack-name my-stack --template-body file://template.yaml

# Update stack
aws cloudformation update-stack --stack-name my-stack --template-body file://template.yaml

# Delete stack
aws cloudformation delete-stack --stack-name my-stack
```

Prerequisites

  • AWS CLI installed
  • jq command installed
  • Specified profile configured in ~/.aws/credentials or ~/.aws/config
  • Source profile has sts:AssumeRole permission for the specified role

Notes

  • Credentials are temporary and typically expire after 1 hour
  • If credentials expire, re-execute this skill
  • For security purposes, temporary files are always deleted after processing