add example of get-federation-token

mantil-io · Jul 5, 2021 · e18941f · e18941f
1 parent 211d7c2
commit e18941f
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 0 deletions.
diff --git a/scripts/.gitignore b/scripts/.gitignore
@@ -0,0 +1 @@
+output
diff --git a/scripts/get.sh b/scripts/get.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash -e
+
+aws sts get-federation-token --name mantil-proj1 --duration-seconds 900 --policy "$(jq -c . policy.json)" --no-cli-pager > output
+cat output
+
+export AWS_ACCESS_KEY_ID="$(jq -r .Credentials.AccessKeyId output)"
+export AWS_SECRET_ACCESS_KEY="$(jq -r .Credentials.SecretAccessKey output)"
+export AWS_SESSION_TOKEN="$(jq -r .Credentials.SessionToken output)"
+
+name=hello
+build_name=hello:v016b704-dirty.zip
+    aws lambda update-function-code --no-cli-pager \
+        --function-name "proj1-try-mantil-team-$name" \
+        --s3-bucket try.mantil.team-lambda-functions \
+        --s3-key "functions/$build_name" \
+        --publish
diff --git a/scripts/policy.json b/scripts/policy.json
@@ -0,0 +1,26 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "lambda:*"
+            ],
+            "Resource": "arn:aws:lambda:*:*:function:proj1-try-mantil-team-*"
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "s3:*"
+            ],
+            "Resource": "arn:aws:s3:::try.mantil.team-lambda-functions*"
+        },
+        {
+            "Effect": "Allow",
+            "Action": [
+                "apigateway:*"
+            ],
+            "Resource": "arn:aws:apigateway:*:proj1-try-mantil-team"
+        }
+    ]
+}