Merge pull request silinternational#140 from silinternational/develop

Release 3.4.0 - Adding assume role support

README.md

@@ -22,6 +22,7 @@ Usage
                                                 silintl/mariadb:latest, private.registry.com:8000/repo/image:tag
 
     Optional arguments:
+        -a | --assume-role            ARN for AWS Role to assume for ecs-deploy operations.
         -D | --desired-count          The number of instantiations of the task to place and keep running in your service.
         -m | --min                    minumumHealthyPercent: The lower limit on the number of running tasks during a deployment. (default: 100)
         -M | --max                    maximumPercent: The upper limit on the number of running tasks during a deployment. (default: 200)
@@ -136,7 +137,7 @@ this script.
 Use Environment Variable for tag name value
 -------------------------------------------
 In some cases you may want to use an environment variable for the tag name of your image.
-For instance, we use Codeship for continous integration and deployment. In their Docker
+For instance, we use Codeship for continuous integration and deployment. In their Docker
 environment they can build images and tag them with different variables, such as
 the current unix timestamp. We want to use these unique and changing values for image tags
 so that each task definition refers to a unique docker image/tag. This gives us the

ecs-deploy

@@ -1,11 +1,12 @@
 #!/usr/bin/env bash
 
 # Setup default values for variables
-VERSION="3.3.0"
+VERSION="3.4.0"
 CLUSTER=false
 SERVICE=false
 TASK_DEFINITION=false
 MAX_DEFINITIONS=0
+AWS_ASSUME_ROLE=false
 IMAGE=false
 MIN=false
 MAX=false
@@ -40,6 +41,7 @@ Required arguments:
     --aws-instance-profile  Use the IAM role associated with this instance
 
 Optional arguments:
+    -a | --assume-role      ARN for AWS Role to assume for ecs-deploy operations.
     -D | --desired-count    The number of instantiations of the task to place and keep running in your service.
     -m | --min              minumumHealthyPercent: The lower limit on the number of running tasks during a deployment.
     -M | --max              maximumPercent: The upper limit on the number of running tasks during a deployment.
@@ -83,6 +85,9 @@ EOM
     exit 3
 }
 
+
+
+
 # Check requirements
 function require() {
     command -v "$1" > /dev/null 2>&1 || {
@@ -92,6 +97,25 @@ function require() {
     }
 }
 
+function assumeRole() {
+
+   temp_role=$(aws sts assume-role \
+                    --role-arn "${AWS_ASSUME_ROLE}" \
+                    --role-session-name "$(date +"%s")")
+
+   export AWS_ACCESS_KEY_ID=$(echo $temp_role | jq .Credentials.AccessKeyId | xargs)
+   export AWS_SECRET_ACCESS_KEY=$(echo $temp_role | jq .Credentials.SecretAccessKey | xargs)
+   export AWS_SESSION_TOKEN=$(echo $temp_role | jq .Credentials.SessionToken | xargs)
+}
+
+
+function assumeRoleClean() {
+   unset AWS_ACCESS_KEY_ID
+   unset AWS_SECRET_ACCESS_KEY
+   unset AWS_SESSION_TOKEN
+}
+
+
 # Check that all required variables/combinations are set
 function assertRequiredArgumentsSet() {
 
@@ -455,6 +479,10 @@ if [ "$BASH_SOURCE" == "$0" ]; then
                 echo "--aws-instance-profile is not yet in use"
                 AWS_IAM_ROLE=true
                 ;;
+            -a|--aws-assume-role)
+                AWS_ASSUME_ROLE="$2"
+                shift
+                ;;
             -c|--cluster)
                 CLUSTER="$2"
                 shift # past argument
@@ -521,9 +549,15 @@ if [ "$BASH_SOURCE" == "$0" ]; then
         set -x
     fi
 
+
     # Check that required arguments are provided
     assertRequiredArgumentsSet
 
+    if [[ "$AWS_ASSUME_ROLE" != false ]]; then
+        assumeRole
+    fi
+
+
     # Determine image name
     parseImageName
     echo "Using image name: $useImage"
@@ -548,6 +582,11 @@ if [ "$BASH_SOURCE" == "$0" ]; then
         waitForGreenDeployment
     fi
 
+    if [[ "$AWS_ASSUME_ROLE" != false ]]; then
+        assumeRoleClean
+    fi
+
+
     exit 0
 
 fi