Public/IAM/Get-ATIAMSessionCredentials.ps1

function Get-ATIAMSessionCredentials
{
<#
    .SYNOPSIS
        Gets keys from a federated AWS login

    .DESCRIPTION
        If your organisation uses federated authentication (SAML etc) for API authentication with AWS,
        this cmdlet enables you to get a set of temporary keys for use with applications that do not
        understand/support this authentication method.

        Various means of acquiring/storing the credentials are provided by this cmdlet.

        You must first authenticate with AWS using the account you need keys for via Set-AWSCredential.

    .PARAMETER SetLocal
        The credentials are set as environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN in the current shell.
        Proceed to run your application that supports environment-based credentails in this shell.

    .PARAMETER Ruby
        The credentials are formatted as ENV[] = staements and output to the console

    .PARAMETER Bash
        The credentials are formatted as EXPORT staements and output to the console

    .PARAMETER Clipboard
        If set, output of -Ruby or -Bash is copied directly to clipboard, so you can paste them into code or your active Ruby or Shell prompt

    .EXAMPLE
        Get-ATIAMSessionCredentials
        With no parameters (or with -SetLocal), sets up the AWS environment variables in the current shell

    .EXAMPLE
        Get-ATIAMSessionCredentials -Bash -ClipBoard
        Copies shell EXPORT statements to create the AWS environment variables for sh/bash direct to clipboard. Paste into your shell environment.

    .EXAMPLE
        Get-ATIAMSessionCredentials -Ruby -ClipBoard
        Copies ruby ENV statements to create the AWS environment variables for ruby direct to clipboard. Paste into your irb shell environment.

#>

    [CmdletBinding(DefaultParameterSetName = 'SetLocal')]
    param
    (
        [Parameter(ParameterSetName = "Ruby")]
        [switch]$Ruby,

        [Parameter(ParameterSetName = "Shell")]
        [switch]$Bash,

        [Parameter(ParameterSetName = "Ruby")]
        [Parameter(ParameterSetName = "Shell")]
        [switch]$ClipBoard,

        [Parameter(ParameterSetName = "SetLocal")]
        [switch]$SetLocal
    )

    # Check user authenticated
    if (-not (Test-Path variable:StoredAWSCredentials))
    {
        throw "Please authenticate with AWSPowerShell first (Set-AWSCredential)"
    }

    # Get the AWSCredential object from the shell stored credential
    $cred = $StoredAwsCredentials.GetType().
        GetProperty('Credentials', ([System.Reflection.BindingFlags]::NonPublic -bor [System.Reflection.BindingFlags]::Instance)).
        GetValue($StoredAwsCredentials).GetCredentials() | Select-Object *

    Write-Warning "Expiry time for these keys: $($cred.Expires.ToLocalTime().ToString("HH:mm:ss")). You will need to re-run this script after then to regenerate keys."

    if ($Ruby)
    {
        # Build Ruby environment variables and output
        $sb = New-Object System.Text.StringBuilder

        $sb.AppendLine("ENV[`"AWS_ACCESS_KEY_ID`"] = `"$($cred.AccessKey)`"").
        AppendLine("ENV[`"AWS_SECRET_ACCESS_KEY`"] = `"$($cred.SecretKey)`"") | Out-Null

        if ($cred.UseToken)
        {
            $sb.AppendLine("ENV[`"AWS_SESSION_TOKEN`"] = `"$($cred.Token)`"") | Out-Null
        }

        if ($ClipBoard)
        {
            $sb.ToString() | clip.exe
            Write-Host "Ruby env vars copied to clipboard"
        }
        else
        {
            $sb.ToString()
        }
    }
    elseif ($Bash)
    {
        # Build shell environment variables and output
        $sb = New-Object System.Text.StringBuilder
        $sb.AppendLine("export AWS_ACCESS_KEY_ID=`"$($cred.AccessKey)`"").
        AppendLine("export AWS_SECRET_ACCESS_KEY=`"$($cred.SecretKey)`"") | Out-Null

        if ($cred.UseToken)
        {
            $sb.AppendLine("export AWS_SESSION_TOKEN=`"$($cred.Token)`"") | Out-Null
        }

        if ($ClipBoard)
        {
            $sb.ToString() | clip.exe
            Write-Host "BASH shell env vars copied to clipboard"
        }
        else
        {
            $sb.ToString()
        }
    }
    elseif ($PSCmdlet.ParameterSetName -ieq 'SetLocal')
    {
        # Set local enviroment with credential material.
        Set-Item -Path env:AWS_ACCESS_KEY_ID -Value $cred.AccessKey -Force
        Set-Item -Path env:AWS_SECRET_ACCESS_KEY -Value $cred.SecretKey -Force

        if ($cred.UseToken)
        {
            Set-Item -Path env:AWS_SESSION_TOKEN -Value $cred.Token -Force
        }
        else
        {
            if (Test-Path -Path env:AWS_SESSION_TOKEN)
            {
                Remove-Item env:AWS_SESSION_TOKEN
            }
        }

        Write-Host "Keys set in your environment. Run commands that need them (e.g. node) in this shell"
    }
}