From b71d16c7cfffda37f4a0542439a7f1e3870a2e94 Mon Sep 17 00:00:00 2001
From: arnie <arnie@c3c.cz>
Date: Wed, 12 Mar 2025 13:50:19 +0100
Subject: [PATCH] Add command to export assume role creds

---
 home-manager/common.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/home-manager/common.nix b/home-manager/common.nix
index 9e13ae7..0cff24d 100644
--- a/home-manager/common.nix
+++ b/home-manager/common.nix
@@ -113,6 +113,11 @@ in
         # use eval $(aws-export-credentials) to expose them to environment
         aws-export-credentials = lib.mkDefault "${pkgs.awscli2}/bin/aws configure export-credentials --format env --profile";
 
+        aws-export-assume-role = lib.mkDefault "${pkgs.writeShellScript "aws-export-assume-role" ''
+          [[ -z "$1" || -z "$2" ]] && echo "Usage: aws-export-assume-role <profile> <role-arn>" && exit 1
+          ${pkgs.coreutils}/bin/printf 'export AWS_ACCESS_KEY_ID=%s\nexport AWS_SECRET_ACCESS_KEY=%s\nexport AWS_SESSION_TOKEN=%s' $(${pkgs.awscli2}/bin/aws --profile "$1" sts assume-role --role-arn "$2" --role-session-name lcech --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" --output text)
+        ''}";
+
         aws-s3-cp-public = lib.mkDefault ''
           ${pkgs.awscli2}/bin/aws s3 cp --acl "public-read" --expires "$(${pkgs.coreutils}/bin/date '+%a, %d %b %Y 00:00:00 GMT' -d "$(${pkgs.coreutils}/bin/date +%Y-%m-%d) + 365 day")" --cache-control "max-age=31536000" --metadata-directive REPLACE
         '';