forked from awslabs/amazon-s3-find-and-forget
-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker_run_with_creds.sh
executable file
·40 lines (38 loc) · 1.53 KB
/
docker_run_with_creds.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
#!/usr/bin/env bash
set -e
# Obtain stack and account details
REGION=$(aws configure get region)
JOB_TABLE=$(aws cloudformation describe-stacks \
--stack-name S3F2 \
--query 'Stacks[0].Outputs[?OutputKey==`JobTable`].OutputValue' \
--output text)
QUEUE_URL=$(aws cloudformation describe-stacks \
--stack-name S3F2 \
--query 'Stacks[0].Outputs[?OutputKey==`DeletionQueueUrl`].OutputValue' \
--output text)
DLQ_URL=$(aws cloudformation describe-stacks \
--stack-name S3F2 \
--query 'Stacks[0].Outputs[?OutputKey==`DLQUrl`].OutputValue' \
--output text)
ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
PARTITION=$(aws sts get-caller-identity --query Arn --output text | cut -d':' -f2)
# Assume IAM Role to be passed to container
SESSION_DATA=$(aws sts assume-role \
--role-session-name s3f2-local \
--role-arn arn:"${PARTITION}":iam::"${ACCOUNT_ID}":role/"${ROLE_NAME}" \
--query Credentials \
--output json)
AWS_ACCESS_KEY_ID=$(echo "${SESSION_DATA}" | jq -r ".AccessKeyId")
AWS_SECRET_ACCESS_KEY=$(echo "${SESSION_DATA}" | jq -r ".SecretAccessKey")
AWS_SESSION_TOKEN=$(echo "${SESSION_DATA}" | jq -r ".SessionToken")
# Run the container with local changes mounted
docker run \
-v "$(pwd)"/backend/ecs_tasks/delete_files/:/app/:ro \
-e DELETE_OBJECTS_QUEUE="${QUEUE_URL}" \
-e DLQ="${DLQ_URL}" \
-e JobTable="${JOB_TABLE}" \
-e AWS_DEFAULT_REGION="${REGION}" \
-e AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}" \
-e AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" \
-e AWS_SESSION_TOKEN="${AWS_SESSION_TOKEN}" \
s3f2