This document provides instructions on how to use the following tools to manage access to AWS on an engineer's macOS/Linux workstation:
- GnuPG
- AWS vault
- pass password manager
- pass OTP extension
Note
Storing the first authentication factor (credential keys) and the source for the second factor (the OTP key, which is used to generate OTP codes) in the same vault, even an encrypted one, runs against security best practices. It is recommended that you use a dedicated MFA device to generate OTP codes. The instructions in this document show how all the mentioned tools can interact and help you understand how to manage these and/or other tools according to security best practices.