Merge pull request #1 from LaurenceGA/session-token

Use AWS session token when available

Author: kneemaa

README.md

@@ -3,11 +3,15 @@
 ## Environment Variables
 #### AWS_ACCESS_KEY_ID
 - Required: ***True***
-- Description: Access Key ID of the user being rotated. You can use `${{secrets.ACCESS_KEY_ID}}`
+- Description: Access Key ID to authenticate with AWS. You can use `${{secrets.ACCESS_KEY_ID}}`
 
 #### AWS_SECRET_ACCESS_KEY
 - Required: ***True***
-- Description: Secret Access Key ID of the user being rotated. You can use `${{secrets.SECRET_ACCESS_KEY_ID}}`
+- Description: Secret Access Key ID to authenticate with AWS. You can use `${{secrets.SECRET_ACCESS_KEY_ID}}`
+
+#### AWS_SESSION_TOKEN
+- Required: ***False***
+- Description: Session Token for the current AWS session. Only required if you assume a role first.
 
 #### IAM_USERNAME
 - Required: ***True***

rotate_keys.py

@@ -17,7 +17,8 @@
 iam = boto3.client(
     'iam',
     aws_access_key_id = os.environ['AWS_ACCESS_KEY_ID'],
-    aws_secret_access_key = os.environ['AWS_SECRET_ACCESS_KEY']
+    aws_secret_access_key = os.environ['AWS_SECRET_ACCESS_KEY'],
+    aws_session_token = os.environ['AWS_SESSION_TOKEN'] if 'AWS_SESSION_TOKEN' in os.environ else None
 )
 
 def main_function():
@@ -134,4 +135,4 @@ def upload_secret(owner_repo,key_name,encrypted_value,pub_key_id,github_token):
         sys.exit(1)
 
 # run everything
-main_function()
+main_function()