docker_run_with_creds.sh 1.5 KB

  1. #!/usr/bin/env bash
  2. set -e
  3. # Obtain stack and account details
  4. REGION=$(aws configure get region)
  5. JOB_TABLE=$(aws cloudformation describe-stacks \
  6. --stack-name S3F2 \
  7. --query 'Stacks[0].Outputs[?OutputKey==`JobTable`].OutputValue' \
  8. --output text)
  9. QUEUE_URL=$(aws cloudformation describe-stacks \
  10. --stack-name S3F2 \
  11. --query 'Stacks[0].Outputs[?OutputKey==`DeletionQueueUrl`].OutputValue' \
  12. --output text)
  13. DLQ_URL=$(aws cloudformation describe-stacks \
  14. --stack-name S3F2 \
  15. --query 'Stacks[0].Outputs[?OutputKey==`DLQUrl`].OutputValue' \
  16. --output text)
  17. ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
  18. PARTITION=$(aws sts get-caller-identity --query Arn --output text | cut -d':' -f2)
  19. # Assume IAM Role to be passed to container
  20. SESSION_DATA=$(aws sts assume-role \
  21. --role-session-name s3f2-local \
  22. --role-arn arn:"${PARTITION}":iam::"${ACCOUNT_ID}":role/"${ROLE_NAME}" \
  23. --query Credentials \
  24. --output json)
  25. AWS_ACCESS_KEY_ID=$(echo "${SESSION_DATA}" | jq -r ".AccessKeyId")
  26. AWS_SECRET_ACCESS_KEY=$(echo "${SESSION_DATA}" | jq -r ".SecretAccessKey")
  27. AWS_SESSION_TOKEN=$(echo "${SESSION_DATA}" | jq -r ".SessionToken")
  28. # Run the container with local changes mounted
  29. docker run \
  30. -v "$(pwd)"/backend/ecs_tasks/delete_files/:/app/:ro \
  31. -e DELETE_OBJECTS_QUEUE="${QUEUE_URL}" \
  32. -e DLQ="${DLQ_URL}" \
  33. -e JobTable="${JOB_TABLE}" \
  34. -e AWS_DEFAULT_REGION="${REGION}" \
  35. -e AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}" \
  36. -e AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" \
  37. -e AWS_SESSION_TOKEN="${AWS_SESSION_TOKEN}" \
  38. s3f2