aksel/aws-cli-authenticate-mfa.sh

## aws-cli-authenticate-mfa.sh
#!/bin/bash

MFA_DEVICE=$1
if [ -z "$MFA_DEVICE" ]; then
  echo "MFA device ARN not specified." >&2
  exit 1
fi

# Prompt for OTP
OTP=
while true; do
  echo -n "Input OTP: "
  read -rs OTP
  echo

  if [[ $OTP =~ ^[0-9]{6}$ ]]; then
    break
  fi

  echo "OTP must be a six-digit number." >&2
done

# Fetch credentials, and export them.
CREDENTIALS=$(aws --profile="$AWS_PROFILE" sts get-session-token --serial-number "$MFA_DEVICE" --token-code "$OTP")

AWS_ACCESS_KEY_ID=$(jq -r ".Credentials.AccessKeyId" <<<"$CREDENTIALS")
AWS_SECRET_ACCESS_KEY=$(jq -r ".Credentials.SecretAccessKey" <<<"$CREDENTIALS")
AWS_SESSION_TOKEN=$(jq -r ".Credentials.SessionToken" <<<"$CREDENTIALS")

echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID"
echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY"
echo "AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN"

export AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY
export AWS_SESSION_TOKEN
	#!/bin/bash

	MFA_DEVICE=$1
	if [ -z "$MFA_DEVICE" ]; then
	echo "MFA device ARN not specified." >&2
	exit 1
	fi

	# Prompt for OTP
	OTP=
	while true; do
	echo -n "Input OTP: "
	read -rs OTP
	echo

	if [[ $OTP =~ ^[0-9]{6}$ ]]; then
	break
	fi

	echo "OTP must be a six-digit number." >&2
	done

	# Fetch credentials, and export them.
	CREDENTIALS=$(aws --profile="$AWS_PROFILE" sts get-session-token --serial-number "$MFA_DEVICE" --token-code "$OTP")

	AWS_ACCESS_KEY_ID=$(jq -r ".Credentials.AccessKeyId" <<<"$CREDENTIALS")
	AWS_SECRET_ACCESS_KEY=$(jq -r ".Credentials.SecretAccessKey" <<<"$CREDENTIALS")
	AWS_SESSION_TOKEN=$(jq -r ".Credentials.SessionToken" <<<"$CREDENTIALS")

	echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID"
	echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY"
	echo "AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN"

	export AWS_ACCESS_KEY_ID
	export AWS_SECRET_ACCESS_KEY
	export AWS_SESSION_TOKEN