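# Create an IAM user "dev" and a "developer" role that the user can assume,
# attach an EKS permissions policy to the role, then issue an access key
# for the user.
aws iam create-user --user-name dev

# Permissions policy for the developer role.
# NOTE(review): "eks:*" on Resource "*" allows every EKS action on every
# cluster in the account, including cluster deletion and access changes.
# Narrow it to the actions and cluster ARNs the developer actually needs.
# NOTE(review): iam:PassRole on Resource "*" lets this role hand any IAM role
# in the account to EKS; the iam:PassedToService condition limits the target
# service, not which role is passed. Prefer listing the specific role ARNs.
# The delimiter is quoted because this document contains nothing to expand.
cat <<'EOF' > dev-role-policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"eks:*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": "*",
"Condition": {
"StringEquals": {
"iam:PassedToService": "eks.amazonaws.com"
}
}
}
]
}
EOF
POLICY_ARN=$(aws iam create-policy --policy-name dev-policy --policy-document file://dev-role-policy.json --query "Policy.Arn" --output text)
# Stop here if the policy was not created (for example, it already exists),
# instead of attaching an empty ARN further down.
: "${POLICY_ARN:?create-policy did not return a policy ARN}"

ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text)
# An empty account id would produce malformed principal ARNs in the trust policy.
: "${ACCOUNT_ID:?get-caller-identity did not return an account id}"

# Trust policy: who may call sts:AssumeRole on the developer role.
# The delimiter is unquoted on purpose so $ACCOUNT_ID is expanded.
# NOTE(review): wsi-control-plane-role is not created in this listing and must
# already exist; IAM rejects a trust policy whose principal it cannot resolve.
# NOTE(review): the statement has no Condition, so any valid credentials for
# either principal are enough to assume the role. Consider requiring MFA
# (aws:MultiFactorAuthPresent) for the human user.
cat <<EOF > dev-assume-role.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::$ACCOUNT_ID:user/dev",
"arn:aws:iam::$ACCOUNT_ID:role/wsi-control-plane-role"
]
},
"Action": "sts:AssumeRole"
}
]
}
EOF
ROLE_ARN=$(aws iam create-role --role-name developer --assume-role-policy-document file://dev-assume-role.json --query "Role.Arn" --output text)
aws iam attach-role-policy --role-name developer --policy-arn "$POLICY_ARN"

# Issues a long-lived access key for the user and prints the AccessKeyId and
# SecretAccessKey to stdout. The secret cannot be retrieved again later, and
# whatever captures this output (terminal scrollback, CI logs) now holds it.
aws iam create-access-key --user-name dev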
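# Example output below. SecretAccessKey is returned only by this call, so record it
# in a secrets store and keep real key material out of notes, tickets and version
# control. A key whose secret has been published should be deactivated and replaced.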
{
"AccessKey": {
"UserName": "dev",
"AccessKeyId": "AKIA2M55O2MCUWCFCRNI",
"Status": "Active",
"SecretAccessKey": "Sr5ySuvgod/KjfFz3z6kJZgW3awJfckBfIYSVzj+",
"CreateDate": "2024-07-12T05:07:17+00:00"
}
}
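# Store the dev user's access key under the "dev" profile. aws configure
# prompts for the key pair and writes it to the shared credentials file in
# plain text, so that file needs the same protection as the key itself.
aws configure --profile dev

# Exchange the long-lived dev key for temporary credentials on the developer
# role. ROLE_ARN is assigned by the create-role step; fail with a clear
# message if it is empty instead of passing an empty --role-arn.
: "${ROLE_ARN:?ROLE_ARN is not set; it is assigned by the create-role step}"
aws sts assume-role --role-arn "$ROLE_ARN" --role-session-name dev-session --profile dev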
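# Example output below. AccessKeyId, SecretAccessKey and SessionToken are temporary
# credentials that stay valid until Expiration; handle them like any other secret.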
{
"Credentials": {
"AccessKeyId": "ASIA2M55O2MC2PZ65B7S",
"SecretAccessKey": "9OlMM3f33xQsDJ+fqff6psqjEqqpy0AojEWJkuNn",
"SessionToken": "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",
"Expiration": "2024-07-12T06:08:09+00:00"
},
"AssumedRoleUser": {
"AssumedRoleId": "AROA2M55O2MC57PDPZZMT:dev-session",
"Arn": "arn:aws:sts::714972517125:assumed-role/developer/dev-session"
}
}