Last active
August 29, 2019 23:01
-
-
Save burdara/b85f953b3d574f8740540b667a527a8d to your computer and use it in GitHub Desktop.
Bash helper function for getting AWS session token using MFA.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
# | |
# AWS MFA helper function. | |
# Add this file to your dotfiles of source directly. | |
# AWS MFA wrapper | |
# Globals: | |
# | |
# Arguments: | |
# 1: mfa token | |
# Returns: | |
# None | |
aws-mfa() { | |
local mfa_serial_number mfa_code ttl_seconds session_creds_json rc | |
local default_ttl_seconds="28800" | |
local session_profile_name="session" | |
while [[ -n "$1" ]]; do | |
case "$1" in | |
-c|--code) shift; mfa_code="$1" ;; | |
-s|--serial) shift; mfa_serial_number="$1" ;; | |
-t|--ttl) shift; ttl_seconds="$1" ;; | |
-h|--help) cat <<EOF | |
usage: aws-mfa [options] | |
options: | |
-c, --code The value provided by the MFA device. | |
-s, --serial The identification number of the MFA device that is associated with the IAM user. | |
-t, --ttl The duration, in seconds, that the credentials should remain valid. (default $default_ttl_seconds) | |
-h, --help | |
EOF | |
return 0 | |
esac | |
done | |
# If empty attempt discovery or prompt | |
[[ -z "$mfa_serial_number" ]] \ | |
&& mfa_serial_number="$(aws iam list-mfa-devices | jq -r '.MFADevices[0].SerialNumber')" | |
[[ -z "$mfa_code" ]] \ | |
&& read -r -p "Enter MFA code: " mfa_code | |
# Double check emptiness | |
[[ -z "$mfa_serial_number" ]] \ | |
&& echo "mfa_serial_number not specified or empty." && return 1 | |
[[ -z "$mfa_code" ]] \ | |
&& echo "mfa_code not specified or empty." && return 1 | |
session_creds_json="$(aws sts get-session-token \ | |
--serial-number "$mfa_serial_number" \ | |
--token-code "$mfa_code" \ | |
--duration-seconds "${ttl_seconds:-$default_ttl_seconds}")" | |
rc="$?"; [[ "$rc" -ne 0 ]] && echo "failed to get session token" && return "$rc" | |
aws configure --profile "$session_profile_name" set aws_access_key_id \ | |
"$(echo "$session_creds_json" | jq -r .Credentials.AccessKeyId)" | |
aws configure --profile "$session_profile_name" set aws_secret_access_key \ | |
"$(echo "$session_creds_json" | jq -r .Credentials.SecretAccessKey)" | |
aws configure --profile "$session_profile_name" set aws_session_token \ | |
"$(echo "$session_creds_json" | jq -r .Credentials.SessionToken)" | |
cat <<EOF | |
AWS profile \"$session_profile_name\" has been created. | |
Please set your AWS_DEFAULT_PROFILE or us --profile options. | |
EOF | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment