#!/bin/bash
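# Usage: <script> MFA_TOKEN [COMMAND [ARGS...]]
#
# The first argument is the one-time MFA code. Everything after it is kept
# as an argv array so arguments containing spaces or globs survive intact.
# NOTE(review): the code arrives on the command line, so it is visible in
# shell history and the process list while it is still valid.
MFA_TOKEN=${1:-}
if [ "$#" -gt 0 ]; then
  # Only shift when there is something to shift; a bare `shift` with no
  # arguments returns non-zero.
  shift
fi
COMMAND=("$@")

# Test the variable's value. A quoted literal name such as "MFA_TOKEN" is
# never empty, so a check written that way can never fire.
if [ -z "$MFA_TOKEN" ]; then
  echo "Error: Run with MFA token!" >&2
  exit 1
fi

# STS defines TokenCode as exactly six digits. Rejecting anything else here
# catches a forgotten token (the first word of the command taken as the
# code) before the value reaches the aws command line.
if ! [[ "$MFA_TOKEN" =~ ^[0-9]{6}$ ]]; then
  echo "Error: MFA token must be exactly six digits" >&2
  exit 1
fi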
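# BW_AWS_ACCOUNT_SECRET_ID names the Bitwarden item passed to `bw get item`.
# The expansion is quoted so an unset, empty or whitespace-containing value
# is tested as a single word instead of changing the shape of the test.
if [ -z "${BW_AWS_ACCOUNT_SECRET_ID:-}" ]; then
  echo "env var BW_AWS_ACCOUNT_SECRET_ID must be set!" >&2
  exit 1
fi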
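# Exchange the long-lived key pair stored in Bitwarden for temporary,
# MFA-backed role credentials, and export only the temporary set.
#
# Reads:   BW_AWS_ACCOUNT_SECRET_ID, S3_ROLE, SESSION_TYPE, MFA_IDENTIFIER,
#          MFA_TOKEN
# Exports: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN
# Every step fails closed: a failed lookup or a null field stops the script
# instead of exporting the string "null" as a credential.

# Settings for the assume-role call come from the environment. Stop with a
# clear message rather than letting an empty value shift the aws arguments.
: "${S3_ROLE:?env var S3_ROLE must be set}"
: "${SESSION_TYPE:?env var SESSION_TYPE must be set}"
: "${MFA_IDENTIFIER:?env var MFA_IDENTIFIER must be set}"

if ! AWS_SECRETS=$(bw get item "$BW_AWS_ACCOUNT_SECRET_ID"); then
  echo "Error: bw get item failed" >&2
  exit 1
fi

# NOTE(review): the key pair is read by field position; confirm the item's
# custom fields are ordered access key id first, secret key second.
# `jq -e` returns non-zero on null, `-r` emits the raw string without quotes.
if ! {
  LONG_LIVED_KEY_ID=$(jq -er '.fields[0].value' <<<"$AWS_SECRETS") &&
    LONG_LIVED_SECRET=$(jq -er '.fields[1].value' <<<"$AWS_SECRETS")
}; then
  echo "Error: Bitwarden item is missing the expected credential fields" >&2
  exit 1
fi
unset AWS_SECRETS

# The long-lived keys are exported only inside the command-substitution
# subshell, so they never enter this script's own environment or that of
# the command run later. A session token inherited from the caller is
# cleared there too, since it would not match the long-lived key pair.
if ! SESSION_OUTPUT=$(
  unset AWS_SESSION_TOKEN
  export AWS_ACCESS_KEY_ID=$LONG_LIVED_KEY_ID
  export AWS_SECRET_ACCESS_KEY=$LONG_LIVED_SECRET
  aws sts assume-role \
    --role-arn "$S3_ROLE" \
    --role-session-name "$SESSION_TYPE" \
    --serial-number "$MFA_IDENTIFIER" \
    --token-code "$MFA_TOKEN"
); then
  unset LONG_LIVED_KEY_ID LONG_LIVED_SECRET
  echo "Error: aws sts assume-role failed" >&2
  exit 1
fi
unset LONG_LIVED_KEY_ID LONG_LIVED_SECRET

if ! {
  AWS_SESSION_TOKEN=$(jq -er '.Credentials.SessionToken' <<<"$SESSION_OUTPUT") &&
    AWS_ACCESS_KEY_ID=$(jq -er '.Credentials.AccessKeyId' <<<"$SESSION_OUTPUT") &&
    AWS_SECRET_ACCESS_KEY=$(jq -er '.Credentials.SecretAccessKey' <<<"$SESSION_OUTPUT")
}; then
  echo "Error: assume-role response did not contain credentials" >&2
  exit 1
fi
unset SESSION_OUTPUT
export AWS_SESSION_TOKEN AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY

# Do not echo SESSION_OUTPUT or the AWS_* values when debugging: terminal
# scrollback and job logs would retain working credentials.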
|
2025-06-12 15:09:24 -07:00
|
|
|
|
|
|
|
|
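# Run the requested command with the temporary credentials in its
# environment. With no command, or one that cannot be resolved, fall back
# to listing the bucket. The fallback is announced on stderr so a mistyped
# command name is not mistaken for a successful run of that command.
if [ "${#COMMAND[@]}" -gt 0 ] && command -v "${COMMAND[0]}" >/dev/null 2>&1; then
  # Expand as an array so each original argument stays a separate word.
  "${COMMAND[@]}"
else
  if [ "${#COMMAND[@]}" -gt 0 ]; then
    printf 'Warning: command not found: %s; listing bucket instead\n' \
      "${COMMAND[0]}" >&2
  fi
  aws s3 ls s3://witch-lab-3
fi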