[update] - add option to specific duration when running assume-role and define global variable in main.sh

lamhaison · lamhaison · commit 84e918b8e42d · 2023-01-08T22:40:03.000+07:00
diff --git a/main.sh b/main.sh
@@ -6,8 +6,10 @@ export tmp_credentials="/tmp/aws_temporary_credentials"
 export aws_cli_results="${AWS_CLI_SOURCE_SCRIPTS}/aws_cli_results"
 export aws_cli_logs="${AWS_CLI_SOURCE_SCRIPTS}/aws_cli_results/logs"
 export aws_cli_input_tmp="${AWS_CLI_SOURCE_SCRIPTS}/aws_cli_results/inputs"
-export aws_assume_role_expired_time=55
 export aws_tmp_input="/tmp/aws_tmp_input_23647494949484.txt"
+# max session 1h
+export aws_assume_role_duration=3600s
+export aws_assume_role_expired_time=55
 # To allow log detail of the aws cli [true|false]
 export aws_show_commandline=true
 export aws_log_tail_since=120m
diff --git a/services/assume_role.sh b/services/assume_role.sh
@@ -44,7 +44,7 @@ aws_assume_role_get_credentail() {
 	echo "Running assume-role ${ASSUME_ROLE}"
 	echo "Remove the credential ${tmp_credentials_file}"
 	rm -rf ${tmp_credentials_file}
-	assume-role ${ASSUME_ROLE} >${tmp_credentials_file}
+	assume-role -duration ${aws_assume_role_duration} ${ASSUME_ROLE} >${tmp_credentials_file}
 	empty_file=$(find ${tmp_credentials} -name ${ASSUME_ROLE} -empty)
 	if [ -z "${empty_file}" ]; then
 		zip_tmp_credential
