AWS CLI: How to assume a role when using an EC2 instance role
Problem
With the AWS CLI, https://docs.aws.amazon.com/ja_jp/cli/latest/userguide/cli-roles.html makes it easy to use a role taken on via assume role. However, when the original credentials come from an EC2 instance role, following that page as written does not work and fails with the error: The source_profile "default" must specify either static credentials or an assume role configuration
~/.aws/config
[profile test]
role_arn = arn:aws:iam::xxxxxxxx:role/TestRole
source_profile = default
[default]
output = json
region = ap-northeast-1
-> % aws --profile test ec2 describe-instances
The source_profile "default" must specify either static credentials or an assume role configuration
Solution
Specify the following setting, documented at https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#using-aws-iam-roles, and the command works:
credential_source = Ec2InstanceMetadata
~/.aws/config
[profile test]
role_arn = arn:aws:iam::xxxxxxxx:role/TestRole
credential_source = Ec2InstanceMetadata
region = ap-northeast-1
[default]
output = json
region = ap-northeast-1
-> % aws --profile test ec2 describe-instances | head -8
{
    "Reservations": [
        {
            "Instances": [
                {
                    "Monitoring": {
                        "State": "disabled"
                    },
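The following is an added example, not part of the original post or of the AWS CLI: a small linter that flags role profiles that would hit the error shown above. The function name check_role_profiles and its rule (taken from the wording of the error message, not from the CLI's source) are assumptions; the two config strings are the ones from this page.

```python
import configparser

STATIC_KEYS = {"aws_access_key_id", "aws_secret_access_key"}

def _load(text, strip_prefix):
    """Parse an AWS config/credentials file body into {profile: {key: value}}."""
    cp = configparser.RawConfigParser()
    cp.read_string(text)
    out = {}
    for section in cp.sections():
        name = section
        if strip_prefix and section.startswith("profile "):
            name = section[len("profile "):].strip()   # "[profile test]" -> "test"
        out.setdefault(name, {}).update(cp.items(section))
    return out

def check_role_profiles(config_text, credentials_text=""):
    """Return {profile: problem} for role profiles with an unusable credential source."""
    profiles = _load(credentials_text, strip_prefix=False)
    for name, opts in _load(config_text, strip_prefix=True).items():
        profiles.setdefault(name, {}).update(opts)
    findings = {}
    for name, opts in profiles.items():
        if "role_arn" not in opts:
            continue                                   # not an assume-role profile
        src_name, cred_src = opts.get("source_profile"), opts.get("credential_source")
        if src_name and cred_src:
            findings[name] = "source_profile and credential_source are mutually exclusive"
        elif cred_src:
            continue                                   # e.g. Ec2InstanceMetadata
        elif not src_name:
            findings[name] = "role_arn needs source_profile or credential_source"
        elif src_name not in profiles:
            findings[name] = f'source_profile "{src_name}" does not exist'
        else:
            src = profiles[src_name]
            if not (STATIC_KEYS.issubset(src) or "role_arn" in src):
                findings[name] = (f'source_profile "{src_name}" has no static credentials '
                                  "or role; on EC2 use credential_source = Ec2InstanceMetadata")
    return findings

# The failing and the working config from this page.
BROKEN_CONFIG = """[profile test]
role_arn = arn:aws:iam::xxxxxxxx:role/TestRole
source_profile = default
[default]
output = json
region = ap-northeast-1
"""
FIXED_CONFIG = BROKEN_CONFIG.replace("source_profile = default",
                                     "credential_source = Ec2InstanceMetadata")
```

Passing the contents of ~/.aws/credentials as the second argument lets the check recognize a source profile whose static keys live in that file.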