如何在Powershell中解析假定角色的凭据并将其设置为脚本中的变量? [英] How can I parse an assumed role's credentials in powershell and set them as a variable in a script?

问题描述

我可以通过运行" aws sts承担角色--role-arn arn:aws:iam :: 1234567890:role/RoleName --role-session-name owca "来成功担任该角色.并成功返回凭据.但是我需要将返回值设置为变量，以便稍后可以在脚本中调用它们.

I can successfully assume the role by running "aws sts assume-role --role-arn arn:aws:iam::1234567890:role/RoleName --role-session-name owca" and it returns the credentials successfully. But I need to set the returned values as variables so I can call them later in the script.

{
    "Account": "1234567890", 
    "UserId": "ABC123:i-1234567890abc", 
    "Arn": "arn:aws:sts::123456:assumed-role/InstanceRole/i-1234567890abc"
}
{
    "AssumedRoleUser": {
    "AssumedRoleId": "ABC123DEF456:TempRoleName", 
    "Arn": "arn:aws:sts::1234567890:assumed-role/RoleName/Name"
}, 
"Credentials": {
    "SecretAccessKey": "1234567890asdfghjkl", 
    "SessionToken": "1234567890qwertyuiopasdfghjklzU=...............", 
    "Expiration": "2018-10-05T12:12:12Z", 
    "AccessKeyId": "ASDFGHJKL"
}

推荐答案

在Powershell中使用 jq 非常容易做到这一点.

This is very easy to do in Powershell using jq.

jq是一种轻量级且灵活的命令行JSON处理器

为了进行测试，请从承担角色获取json输出并保存到文件中.在此示例中，为test.json.

For testing, take the json output from assume-role and save to a file. In this example, test.json.

aws sts assume-role --role-arn arn:aws:iam::1234567890:role/RoleName --role-session-name owca > test.json

test.json:

test.json:

{
    "AssumedRoleUser": {
        "AssumedRoleId": "AROA3XFRBF535PLBIFPI4:s3-access-example",
        "Arn": "arn:aws:sts::123456789012:assumed-role/xaccounts3access/s3-access-example"
    },
    "Credentials": {
        "SecretAccessKey": "9drTJvcXLB89EXAMPLELB8923FB892xMFI",
        "SessionToken": "AQoXdzELDDY//////////wEaoAK1wvxJY12r2IrDFT2IvAzTCn3zHoZ7YNtpiQLF0MqZye/qwjzP2iEXAMPLEbw/m3hsj8VBTkPORGvr9jM5sgP+w9IZWZnU+LWhmg+a5fDi2oTGUYcdg9uexQ4mtCHIHfi4citgqZTgco40Yqr4lIlo4V2b2Dyauk0eYFNebHtYlFVgAUj+7Indz3LU0aTWk1WKIjHmmMCIoTkyYp/k7kUG7moeEYKSitwQIi6Gjn+nyzM+PtoA3685ixzv0R7i5rjQi0YE0lf1oeie3bDiNHncmzosRM6SFiPzSvp6h/32xQuZsjcypmwsPSDtTPYcs0+YN/8BRi2/IcrxSpnWEXAMPLEXSDFTAQAM6Dl9zR0tXoybnlrZIwMLlMi1Kcgo5OytwU=",
        "Expiration": "2016-03-15T00:05:07Z",
        "AccessKeyId": "ASIAJEXAMPLEXEG2JICEA"
    }
}

Powershell代码使用jq提取每个参数并存储为变量:

Powershell code to extract each parameters and store as variables using jq:

$ak = jq -r ".Credentials.AccessKeyId" test.json
$sk = jq -r ".Credentials.SecretAccessKey" test.json
$tk = jq -r ".Credentials.SessionToken" test.json

Write-Host "Acccess Key ID:" $ak
Write-Host "Secret Acccess Key:" $sk
Write-Host "Session Token:" $tk

纯Powershell:

Pure Powershell:

$j = Get-Content -Raw -Path test.json | ConvertFrom-Json

Write-Host "Acccess Key ID:" $j.Credentials.AccessKeyId
Write-Host "Secret Acccess Key:" $j.Credentials.SecretAccessKey
Write-Host "Session Token:" $j.Credentials.SessionToken

程序输出:

Acccess Key ID: ASIAJEXAMPLEXEG2JICEA
Secret Acccess Key: 9drTJvcXLB89EXAMPLELB8923FB892xMFI
Session Token: AQoXdzELDDY//////////wEaoAK1wvxJY12r2IrDFT2IvAzTCn3zHoZ7YNtpiQLF0MqZye/qwjzP2iEXAMPLEbw/m3hsj8VBTkPORGvr9
jM5sgP+w9IZWZnU+LWhmg+a5fDi2oTGUYcdg9uexQ4mtCHIHfi4citgqZTgco40Yqr4lIlo4V2b2Dyauk0eYFNebHtYlFVgAUj+7Indz3LU0aTWk1WKIjHmm
MCIoTkyYp/k7kUG7moeEYKSitwQIi6Gjn+nyzM+PtoA3685ixzv0R7i5rjQi0YE0lf1oeie3bDiNHncmzosRM6SFiPzSvp6h/32xQuZsjcypmwsPSDtTPYcs
0+YN/8BRi2/IcrxSpnWEXAMPLEXSDFTAQAM6Dl9zR0tXoybnlrZIwMLlMi1Kcgo5OytwU=

这篇关于如何在Powershell中解析假定角色的凭据并将其设置为脚本中的变量?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！