AWS Toolkit for Eclipse 2.0 IAM role support?

I am using AWS Toolkit for Eclipse 2.0. Using the options (Window -> Preference -> AWS Toolkit), I have configured the IAM/login user API access key ID and secret access key. According to our AWS configuration, this IAM user has to assume a role to view/access any resources in our environment.

I am able to access the AWS CLI with different profiles. In a credentials file I define a [profile] section with the AWS secret key and access key.

Then in the config file I define a [profile <profile_name>] section and reference it with source_profile=<profile_name>.

This doesn't seem to be recognized in AWS Toolkit 2.0 for Eclipse? I even tried copying and pasting the profile section from the config file to the credentials file and it still doesn't work?

Does awstk 2.0 not support switching / assuming roles for a login?

There are 1 best solutions below

Looks like I figured it out with help from an AWS expert. Basically you do 2 things:

  1. generate an AWS STS session token
  2. use the "session token" values in your IDE.

Example:

    aws sts assume-role --role-arn <value> --role-session-name <value> --duration-seconds <value>

Put the values generated for these into your Eclipse IDE AWS profile:

    AccessKeyId
    SecretAccessKey
    SessionToken

You can also use a SAML assertion by using this command on the AWS CLI:

    aws sts assume-role-with-saml --role-arn <value> --principal-arn <value> --saml-assertion <value>

Note: the max session length is defined by the role you're using.
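
The two steps in the answer above, as an added example that is not part of the original post: this Python code takes the JSON printed by aws sts assume-role and stores the three values as a named profile in a file in the AWS shared credentials format, refusing a session that has already expired. The function name, the profile name "assumed-role" and the sample response are constructed for illustration, and it assumes the IDE profile is backed by such a credentials file.

```python
import configparser
import json
import os
from datetime import datetime, timezone

# Constructed sample of `aws sts assume-role` JSON output (not real credentials).
SAMPLE_RESPONSE = """{
  "Credentials": {
    "AccessKeyId": "ASIACONSTRUCTEDEXAMPLE",
    "SecretAccessKey": "constructed-secret-key-not-real",
    "SessionToken": "constructed-session-token-not-real",
    "Expiration": "2099-01-01T00:00:00+00:00"
  }
}"""


def write_session_profile(sts_json, path, profile="assumed-role", now=None):
    """Store the temporary credentials from an assume-role response as a
    named profile (hypothetical helper); returns the session expiry time."""
    creds = json.loads(sts_json)["Credentials"]
    # The CLI prints the expiry with either a "Z" or a "+00:00" suffix.
    expires = datetime.fromisoformat(creds["Expiration"].replace("Z", "+00:00"))
    now = now or datetime.now(timezone.utc)
    if expires <= now:
        raise ValueError("session already expired; run assume-role again")

    config = configparser.RawConfigParser()
    config.read(path)  # keep other profiles, e.g. the long-lived login keys
    config[profile] = {
        "aws_access_key_id": creds["AccessKeyId"],
        "aws_secret_access_key": creds["SecretAccessKey"],
        "aws_session_token": creds["SessionToken"],
    }
    # The file holds secrets: create it as 0600 and tighten it if it existed.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        config.write(handle)
    os.chmod(path, 0o600)
    return expires


if __name__ == "__main__":
    import tempfile
    target = os.path.join(tempfile.mkdtemp(), "credentials")
    print("session expires:", write_session_profile(SAMPLE_RESPONSE, target))
```

Because the session expires, the profile has to be rewritten from a fresh assume-role call each time; the long-lived login keys stay in their own profile and are not overwritten.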