User | Notion

aws iam create-user --user-name user

cat <<EOF> user-role-policy.json
{
  "Version": "2012-10-17",
  "Statement": [
      {
          "Effect": "Allow",
          "Action": [
              "eks:*"
          ],
          "Resource": "*"
      },
      {
          "Effect": "Allow",
          "Action": "iam:PassRole",
          "Resource": "*",
          "Condition": {
              "StringEquals": {
                  "iam:PassedToService": "eks.amazonaws.com"
              }
          }
      }
  ]
}
EOF

POLICY_ARN=$(aws iam create-policy --policy-name user-policy --policy-document file://user-role-policy.json --query "Policy.Arn" --output text)

ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text)

cat <<EOF> user-assume-role.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::$ACCOUNT_ID:user/user",
                    "arn:aws:iam::$ACCOUNT_ID:role/wsi-control-plane-role"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
EOF

ROLE_ARN=$(aws iam create-role --role-name user --assume-role-policy-document file://user-assume-role.json --query "Role.Arn" --output text)

aws iam attach-role-policy --role-name user --policy-arn $POLICY_ARN

aws iam create-access-key --user-name user
# 아래의 예시
{
    "AccessKey": {
        "UserName": "user",
        "AccessKeyId": "AKIA2M55O2MCSYGBPLPA",
        "Status": "Active",
        "SecretAccessKey": "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",
        "CreateDate": "2024-07-12T04:45:29+00:00"
    }
}

aws configure --profile user

aws sts assume-role --role-arn $ROLE_ARN --role-session-name user-session --profile user
# 아래의 예시
{
    "Credentials": {
        "AccessKeyId": "ASIA2M55O2MC5YH47POI",
        "SecretAccessKey": "OB1uHw0EH9o5JYX+aCFlJnu5EZucAR2C1df7aMHZ",
        "SessionToken": "IQoJb3JpZ2luX2VjEKX//////////wEaDmFwLW5vcnRoZWFzdC0yIkcwRQIgQxut1SmdeE1j6DyL1vHnZtjaKfVmV2dbgfBiz/0s1tsCIQDuRHA7ASMO5Vmjsyxaqo5QhQzHdZM2W2xCYtOCS1zBfCqZAghuEAEaDDcxNDk3MjUxNzEyNSIM2kOLHw1pUVOHciBgKvYBGkmtLJzi1o1kC0qt8BrLPG6J09iWw79A6uSfZiCnBzgKZSholtTbDtCs2NreLUWnbQxl4qb/NStCAjP2wK8VbCN5Tii1dXvQurPVuqhwKgyGmKAF5HCY4XS8ZnRpdfYp8HXsVD8nsWHXShxR9w4bHGORC21J0yNFhtJcHeauA75mfVyEV1jKVP8mphBvRr6mA6O5cLdM61pon+jQVue6zGSJlUWTtAwVpB3QkZj2Fix7y70NS0jewc7JOlixmrxyojj54vM02EWk/5yS1nfew+pEybDpoaT2ymzROizFyLdzyiUefJgBGVRqDj9SHYkS78GiQTCgMOHvwrQGOp0BSIhr14ftwOEuWJM5EEbgZr4BVU931sIXZrGtKTSzFswUPF51tF4Lw9FTbc5JzXZUifRtecwcn36lOo4u2Yiur5OZsQwoP034dkNzUAMqOmehHGhVGylId583k3pF8pY6UwStt+3R4RM4TEAxOStiVMpFJfAbbNGVpNVjrdYqSx9wS3UwoRMPh7JMhwWlPEw6V7qMOmkYWv7neOUFrA==",
        "Expiration": "2024-07-12T05:58:09+00:00"
    },
    "AssumedRoleUser": {
        "AssumedRoleId": "AROA2M55O2MCQMOLWDRJD:user-session",
        "Arn": "arn:aws:sts::714972517125:assumed-role/user/user-session"
    }
}