@TomLous
Last active September 18, 2023 09:27
Set AWS tokens for MFA from CLI using 1password
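# Source this file with the 1Password item id as the first argument, so the exports reach the current shell.
# Drop any earlier session credentials: get-session-token must be called with the IAM user's long-term credentials.
unset AWS_ACCESS_KEY_ID
unset AWS_SECRET_ACCESS_KEY
unset AWS_SESSION_TOKEN
# 1Password item that holds the one-time-password secret for the AWS MFA device
OTP_ID="$1"
OTP=$(op item get "$OTP_ID" --otp)
# Serial number of the first MFA device registered for the calling IAM user
DEVICE_ID=$(aws iam list-mfa-devices | jq -r '.MFADevices[0].SerialNumber')
# Request temporary credentials valid for 129600 seconds (36 hours)
RESULT=$(aws sts get-session-token --serial-number "$DEVICE_ID" --duration-seconds 129600 --token-code "$OTP")
# Export the temporary credentials for subsequent aws commands in this shell
export AWS_ACCESS_KEY_ID="$(echo "$RESULT" | jq -r '.Credentials.AccessKeyId')"
export AWS_SECRET_ACCESS_KEY="$(echo "$RESULT" | jq -r '.Credentials.SecretAccessKey')"
export AWS_SESSION_TOKEN="$(echo "$RESULT" | jq -r '.Credentials.SessionToken')"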

TomLous commented Sep 18, 2023

After getting these errors:

An error occurred (AccessDeniedException) when calling the ListClusters operation: User: arn:aws:iam::[num]:user/[user] is not authorized to perform: ecs:ListClusters on resource: * with an explicit deny in an identity-based policy


TomLous commented Sep 18, 2023
