Luckily, the AWS SDK lets you assume an IAM role while executing tasks through the CLI or SDK. I highly recommend automating this in your development setup, so that you notice problems with the deployment role very early on and not just in your CI pipeline. This setup is quite easy to achieve in just a few steps:
First, you need to use the AWS CLI to assume the role and create a session for it on your computer. Remember the session name (e.g. "deployment") as you will need it in the next step.
aws sts assume-role --role-arn <role arn> --role-session-name deployment
Next, modify your AWS credentials file located in ~/.aws/credentials and add a new profile at the end that is based on your regular profile (e.g. "default") and assumes the role with the session name that you specified in the previous step.
[deployment]
role_arn = # The ARN of the role, that you want to assume
source_profile = # A custom profile or default
role_session_name = # The role session name specified in the previous step
Now, every time you want to use the deployment role, you just need to make sure to specify this new profile. The easiest way to do that is to set the environment variable AWS_PROFILE to the name of this profile. You could do that on demand for a single terminal session or even permanently in your
This is all you need to set up the deployment role on your development machine.
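A misconfigured role profile usually only shows up when a command fails, so it helps to lint the credentials file first. The following is an added example, not code from the original post: the function name `check_role_profiles` is hypothetical, and the sample file contents (account ID, role name, keys) are constructed placeholders.

```python
import configparser
import re

# Constructed sample file; account ID, role name and keys are placeholders.
SAMPLE = """\
[default]
aws_access_key_id = EXAMPLEKEYID
aws_secret_access_key = example-secret-placeholder

[deployment]
role_arn = arn:aws:iam::123456789012:role/deployment-role
source_profile = default
role_session_name = deployment

[broken]
role_arn = arn:aws:iam::123456789012:role/deployment-role
source_profile = missing
"""

ROLE_ARN = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+$")

def check_role_profiles(text):
    """Return {profile: [problems]} for every profile that sets role_arn."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    report = {}
    for name in cfg.sections():
        if "role_arn" not in cfg[name]:
            continue  # plain profile with static keys, nothing to assume
        problems = []
        if not ROLE_ARN.match(cfg[name]["role_arn"]):
            problems.append("role_arn is not a valid IAM role ARN")
        # Follow source_profile until a profile with static keys is reached.
        seen, cur = {name}, cfg[name].get("source_profile")
        while True:
            if cur is None:
                problems.append("chain ends without static credentials")
            elif cur not in cfg:
                problems.append(f"source_profile '{cur}' does not exist")
            elif "aws_access_key_id" not in cfg[cur] and cur in seen:
                problems.append("source_profile chain loops")
            elif "aws_access_key_id" not in cfg[cur]:
                seen.add(cur)
                cur = cfg[cur].get("source_profile")
                continue
            break
        report[name] = problems
    return report

if __name__ == "__main__":
    print(check_role_profiles(SAMPLE))
```

An empty problem list only means the profile is structurally sound; whether the source profile is actually allowed to assume the role is decided by the role's trust policy.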