This script receives the serial number, profile name and the token to generate and replace the aws session configuration.

configure_mfa.sh

#!/bin/bash

if [ $# -eq 0 ]; then
    printf "Utilization:\n"
    printf "$0 [[--token|-t] <MFA Token>] [[--serial_number|-s] <Serial Number>] [[--profile|-p] <Profile>]\n"
    exit 1
fi

serial_number=${AWS_ARN_SESSION}
profile=${AWS_SESSION_PROFILE:-"mfa"}

while [ $# -gt 0 ]; do
  case "$1" in
    --token|-t)
      token="${2}"
      shift
      ;;
    --serial_number|-s)
      serial_number="${2}"
      shift
      ;;
    --profile|-p)
      profile="${2}"
      shift
      ;;
    *)
      printf "ERROR: Invalid params \n"
      printf "Execute without params to check the sintaxe.\n"
      exit 1
  esac
  shift
done


if [ -z "$token" ]
then
        printf "Token not passed. Enter the Token"
        exit 1
fi

if [ -z $serial_number ]
then
        printf "Serial number not passed. Please create the env AWS_ARN_SESSION or pass the Serial number as second param."
        exit 1
fi

if [ -z $profile ]
then
        printf "Profile not passed. Enter the Profile"
        exit 1
fi

credential=$(aws sts get-session-token --serial-number $serial_number --token-code $token)

aws configure set aws_access_key_id $(echo $credential | jq -r '.Credentials.AccessKeyId') --profile $profile &&
aws configure set aws_secret_access_key $(echo $credential | jq -r '.Credentials.SecretAccessKey') --profile $profile &&
aws configure set aws_session_token $(echo $credential | jq -r '.Credentials.SessionToken') --profile $profile