### AWS Temporary Credentials Assumption Tool

assumeRole.sh:

```bash
#!/usr/bin/bash
export AWS_ACCESS_KEY_ID=$(echo $1 | egrep -o '"AccessKeyId": ?"([^"]*)"' | cut -f 4 -d '"')
export AWS_SECRET_ACCESS_KEY=$(echo $1 | egrep -o '"SecretKey": ?"([^"]*)"' | cut -f 4 -d '"')
export AWS_SESSION_TOKEN=$(echo $1 | egrep -o '"SessionToken": ?"([^"]*)"' | cut -f 4 -d '"')
```

(Dont forget to `chmod +x`) 

Usage:

```bash
justin@RhynoDesktop:~/ctTools$ source assumeRoleBash.sh '{
>         "AccessKeyId": "ASIAURESQNL3M5UYTC5Z",
>         "Expiration": 1.701707466E9,
>         "SecretKey": "8MuHUb0S7UPV2L23KODqNmUrCeElhsl1ynAFpiiC",
>         "SessionToken": "IQoJb3JpZ2luX2VjEPj//////////wEaCXVzLWVhc3QtMSJHMEUCIB5XSIyFizO2Yz0R1/K2N0l9EPTYdWWD9x64y7FcU6RMAiEAjcbC4g1dEhStWLzOqgfgFEnT1hHJvPR7FGUO1zyPWKIqxAQIYRAAGgwzMTE2OTIzODkxMTAiDER/ZAvd+M2uXZ4vqiqhBG+EQGlpJm7ZbWwrzaC2hXTKpBJv9TYlARDFRG97hD1YJIoWv7d+do7egMo/f+PRV8oB/7MinF8ZBW6Ien63amwB/vam9JEHUMWbPKlBmUJCaDXew6pOkz61WBXGEMADqI/S/fhhtfv2aDJjPj7OPINlhGFR0q46cXevjkh3qB5zw5h9BrDSoroNWW4HTcoWAmDruGuJYqk01yFJF/2ycYEWmouwxAHMq1gtbL6Tcdz2L4ibFYNVJwoCgOwYvrh5N3C5loH+C6oOJt7YHb89ruCbK0dhwry3PILuLg1e7ZWjLa6bjMGKRuLy2ENTwUr7SNbyC+LM6rn1AW3ayeyvKYY2HPAU8//kSzg6teQlpJXKhEapniv8R6oEf4mu1tfSLWxbNKhs5WxROxBYvkTkkYWNK6hBHIv5pz6Hxlu21HKPqkQ7TunOA5oL+uGxRdCyjQJCuWMABr5BhZIwRrJsyKtMs7Si9Exc9Ov07LCYsyUrlQ9i1m5z9PrhlHFKAY6EovldYjKNEH84VrRA36VVPRcaUlZQI8OxFqkNZCnJOK9up0SvXaSf9lUw7TCfflkXgFbQcraC9mqJd6JBRiiMrG2zthr1dMTfD+6EB0dun5lEvl1QhkUVkXlznrsj9o0jdMMNjq3frrXeg8jgCZk48u0TygYvcBIjdp7NY7t8ZP8V2oyBaRPZ3rkOjmncl1Q6H2/pJoo5RG7MQFpxdZa7S+4MMLrht6sGOoUCE8mkiA3jEtNxk7R6SgckTLq3mrNAIUsyjTqRvpzFYnzo4fB+b5tjEaoPx6MXFtryxLI5S1p6BXzH7eFKvyH/AIRzOn+Ftju+JuqcQxjHd1cx2h2V5SJ7b2ExuUT8C2TphGaOR1EOL8vQBUW8e6ihf/V89AWvs6NG+u9R7AJw3eMmKJI5kDnASNbze+34wsGSytCzOPfjtRd5vfopFQjzqBJSdyKGQNjORheJ94/DpztLLzIQBFm640JVDg/Z06aEibo4RZBB9ASlN7fYPU8LVAX/ploClJOB3xZTwtxQGhmZ+y/7UHcTzDu4o2tfpqv042qpLUXaZpd/IgaW/lnZp0hQIOQI"
>     }'
justin@RhynoDesktop:~/ctTools$ aws sts get-caller-identity
{
    "UserId": "AROAURESQNL3LACOQAHAO:CognitoIdentityCredentials",
    "Account": "311692389110",
    "Arn": "arn:aws:sts::311692389110:assumed-role/Cognito_KidAwareStudentAuth_Role/CognitoIdentityCredentials"
}
```

Now you've assumed the identity and can test the permissions of the credentials with:

- AWS CLI
- [GitHub - andresriancho/enumerate-iam: Enumerate the permissions associated with AWS credential set](https://github.com/andresriancho/enumerate-iam "https://github.com/andresriancho/enumerate-iam")
- [GitHub - nccgroup/ScoutSuite: Multi-Cloud Security Auditing Tool](https://github.com/nccgroup/ScoutSuite "https://github.com/nccgroup/ScoutSuite")
- [GitHub - UN1QUELY/aws-cust-cognit: AWS Cognito custom attributes exploitation tool](https://github.com/UN1QUELY/aws-cust-cognit "https://github.com/UN1QUELY/aws-cust-cognit")



See AssumeAWSTempRole.mp4