From a66272c2dbb2e0f5ae9a1f46c540533a71ed8e13 Mon Sep 17 00:00:00 2001
From: Marcus Noble
Date: Tue, 13 Oct 2020 10:18:20 +0100
Subject: [PATCH] Added aws-specific helpers
---
 .dotfiles/aliases | 2 --
 .dotfiles/aws | 24 ++++++++++++++++++++++++
 2 files changed, 24 insertions(+), 2 deletions(-)
 create mode 100644 .dotfiles/aws
diff --git a/.dotfiles/aliases b/.dotfiles/aliases
index 68b9953..ef14e43 100644
--- a/.dotfiles/aliases
+++ b/.dotfiles/aliases
@@ -14,5 +14,3 @@ lt() {
 fi
 ls -l --tree -L $DEPTH -I ".git|cache|log|logs|node_modules|vendor" $@
 }
-
-alias aws='docker run --rm -ti -v ~/.aws:/root/.aws -v $(pwd):/aws -e AWS_PROFILE -e AWS_DEFAULT_REGION -e AWS_REGION amazon/aws-cli'
diff --git a/.dotfiles/aws b/.dotfiles/aws
new file mode 100644
index 0000000..58797b3
--- /dev/null
+++ b/.dotfiles/aws
@@ -0,0 +1,24 @@
+alias aws='docker pull -q amazon/aws-cli:latest 1> /dev/null && docker run --rm -i -v ~/.aws:/root/.aws -v $(pwd):/aws -e NO_COLOR=true -e AWS_PROFILE -e AWS_DEFAULT_REGION -e AWS_REGION -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SESSION_TOKEN amazon/aws-cli'
+
+assume-role() {
+ ROLE=$1
+
+ if [[ -z "$ROLE" ]]; then
+ export AWS_ACCESS_KEY_ID=
+ export AWS_SECRET_ACCESS_KEY=
+ export AWS_SESSION_TOKEN=
+ else
+ OUTPUT=$(aws sts assume-role --role-arn $ROLE --role-session-name assumed-role-session --query Credentials --color off --output json)
+
+ export AWS_ACCESS_KEY_ID=$(echo $OUTPUT | jq -r .Credentials.AccessKeyId)
+ export AWS_SECRET_ACCESS_KEY=$(echo $OUTPUT | jq -r .Credentials.SecretAccessKey)
+ export AWS_SESSION_TOKEN=$(echo $OUTPUT | jq -r .Credentials.SessionToken)
+ fi
+
+ aws sts get-caller-identity
+}
+
+aws-decode-message() {
+ ENCODED=$1
+ aws sts decode-authorization-message --query DecodedMessage --output text --encoded-message $ENCODED | jq -r '.context.action, .context.resource'
+}
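Review bot: In `assume-role`, the call already passes `--query Credentials`, so the JSON held in `OUTPUT` is the inner credentials object and the three `jq -r .Credentials.…` lookups return `null`; the function then exports the literal string `null` as the access key, secret key and session token. The result of `aws sts assume-role` is also never checked, so a denied or mistyped role ARN overwrites whatever working credentials the shell had. `OUTPUT` is a global and keeps the secret key and session token in the shell after the function returns, and `$ROLE` and `$OUTPUT` are expanded unquoted. The version below reads the fields directly, returns before exporting if STS or jq fails, and keeps the response in a `local`. Separately, the alias pulls the mutable `amazon/aws-cli:latest` tag on every call and mounts `~/.aws` into it, so pinning the image by digest is worth considering.

```shell
assume-role() {
  # … unchanged: ROLE=$1 and the empty-argument branch that clears the three variables …
  else
    local output key secret token
    # Stop before touching the environment if STS refuses the request.
    output=$(aws sts assume-role --role-arn "$ROLE" --role-session-name assumed-role-session --query Credentials --color off --output json) || return
    # --query Credentials already yields the inner object, so read its fields directly;
    # jq -e exits non-zero when a field is missing (null).
    key=$(printf '%s\n' "$output" | jq -er .AccessKeyId) || return
    secret=$(printf '%s\n' "$output" | jq -er .SecretAccessKey) || return
    token=$(printf '%s\n' "$output" | jq -er .SessionToken) || return
    export AWS_ACCESS_KEY_ID="$key"
    export AWS_SECRET_ACCESS_KEY="$secret"
    export AWS_SESSION_TOKEN="$token"
  fi
  # … unchanged: aws sts get-caller-identity …
```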