In the following case:
$(saml-to assume some-role --headless)
Assume that some-role is an intermediate role that can access other roles.
Add a --jump {some-other-role-arn} flag which will further assume the desired role, e.g.:
$(saml-to assume some-role --headless --jump arn:aws:iam::000000000000:role/some-other-role)
Which would:
- assume some-role using GitHub token
- assume
arn:aws:iam::000000000000:role/some-other-role using some-role token
- save/output
arn:aws:iam::000000000000:role/some-other-role token
Make --jump able to be specified any number of times for additional additional intermediate roles, e.g.:
$(saml-to assume some-role --headless --jump arn:aws:iam::000000000000:role/some-other-role --jump arn:aws:iam::1111111111111:role/another-role)
Which would:
- assume
some-role using GitHub token
- assume
arn:aws:iam::000000000000:role/some-other-role using some-role token
- assume
arn:aws:iam::1111111111111:role/another-role using arn:aws:iam::000000000000:role/some-other-role token
- save/output
arn:aws:iam::1111111111111:role/another-role token
In the following case:
$(saml-to assume some-role --headless)Assume that
some-roleis an intermediate role that can access other roles.Add a
--jump {some-other-role-arn}flag which will further assume the desired role, e.g.:Which would:
arn:aws:iam::000000000000:role/some-other-roleusing some-role tokenarn:aws:iam::000000000000:role/some-other-roletokenMake
--jumpable to be specified any number of times for additional additional intermediate roles, e.g.:Which would:
some-roleusing GitHub tokenarn:aws:iam::000000000000:role/some-other-roleusingsome-roletokenarn:aws:iam::1111111111111:role/another-roleusingarn:aws:iam::000000000000:role/some-other-roletokenarn:aws:iam::1111111111111:role/another-roletoken