assume-role | Easily assume AWS roles in your terminal | Identity Management library

How to assume an iam role in a makefile?

I tried:

I have the following Dockerfile

I am getting Partial credentials found in env error while running below command.

aws sts assume-role-with-web-identity --role-arn $AWS_ROLE_ARN --role-session-name build-session --web-identity-token $BITBUCKET_STEP_OIDC_TOKEN --duration-seconds 1000

I am using below AWS CLI and Python version-

I have a role in another which has the condition

I am creating 2 IAM roles in my main.tf that I will be creating at the same time. The first is main_role and the second is Backend_role.Backend_role is trusting main_role to assume its role and main_role also need policy that specify assume Backend_role.I have 2 questions 1... How do I reference the ARN of Backend_role in the resource policy section of main_role. 2... How do i reference the ARN of main_role in the assume_role_policy resource section of Backend_role

When trying to create an apprunner service using aws apprunner create-service --cli-input-json file://./myconfig.json, I get the error in title:

An error occurred (InvalidRequestException) when calling the CreateService operation: Error in assuming access role arn:aws:iam::1234:role/my-role

The myconfig.json I'm using is fairly similar to example json from AWS CreateService docs, & I don't think it's particularly relevant here.

The error seems to imply I should assume the role... but I've already assumed the role with this command from this stackoverflow q/a:

eval $(aws sts assume-role --role-arn arn:aws:iam::1234:role/my-role --role-session-name apprunner-stuff1 --region us-east-1 | jq -r '.Credentials | "export AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey)\nexport AWS_SESSION_TOKEN=\(.SessionToken)\n"')

This runs without error & when I run:

aws sts get-caller-identity

it outputs the following which looks correct I think:

In PyCharm i want to create run/ debug configuration for project that must have access to AWS resources. But first AWS user must assume the role that gives permissions, and assuming the role needs MFA.

Now i first run CLI assume-role command, than copy-paste temporary role credentials to environment variables in the run/ debug configuration. But duration of the assumed role is too short, and this process need to be repeated time-by-time, and it isn't very useful.

So- what is the best way to configure PyCharm/ IntelliJ IDEA in this case?

I have created a docker image using AmazonLinux:2 base image in my Dockerfile. This docker container will run as Jenkins build agent on a Linux server and has to make certain AWS API calls. In my Dockerfile, I'm copying a shell-script called assume-role.sh. Code snippet:-

I want to download an Amazon S3 folder, from within a bucket, via CLI. Since you cannot download sub-folders via. Console.