Given a variable AWS_ASSUMED_ROLE
that contains the output of the aws sts assume-role
(a JSON string), I can write the following in bash
.
export AWS_ACCESS_KEY_ID=$( jq -r '.Credentials.AccessKeyId' <<<$AWS_ASSUMED_ROLE )
export AWS_SECRET_ACCESS_KEY=$( jq -r '.Credentials.SecretAccessKey' <<<$AWS_ASSUMED_ROLE )
export AWS_SESSION_TOKEN=$( jq -r '.Credentials.SessionToken' <<<$AWS_ASSUMED_ROLE )
aws sts get-caller-identity
However, in order to get the same functionality in xonsh
, I need two echo
commands.
$AWS_ACCESS_KEY_ID = $( echo -n @$( echo @(AWS_ASSUMED_ROLE) | jq -r '.Credentials.AccessKeyId') )
$AWS_SECRET_ACCESS_KEY = $( echo -n @$( echo @(AWS_ASSUMED_ROLE) | jq -r '.Credentials.SecretAccessKey' ) )
$AWS_SESSION_TOKEN = $( echo -n @$( echo @(AWS_ASSUMED_ROLE) | jq -r '.Credentials.SessionToken' ) )
aws sts get-caller-identity
The inner one to provide jq
with the input data. The outer one to be able to set the corresponding environment variable with a string value without a new line.
Okay, a little awkward but not too bad. However, is there a better way to do it?
jq
is a great tool -- for this particular case withxonsh
, I'd lean on thejson
module instead, though. Assuming thatAWS_ASSUMED_ROLE
is some stringified json blob: