Script to generate AWS STS token

aws-temp-token.sh

#!/bin/bash
#
# Sample for getting temp session token from AWS STS
#
# aws sts get-session-token \
# --serial-number arn:aws:iam::012345678901:mfa/user --token-code 012345
#
# Based on : https://gist.github.com/ogavrisevs/2debdcb96d3002a9cbf2
#

AWS_CLI=`which aws`

if [ $? -ne 0 ]; then
  echo "AWS CLI is not installed; exiting"
  exit 1
else
  echo "Using AWS CLI found at $AWS_CLI"
fi

if [ $# -ne 2 ]; then
  echo "Usage: $0  <MFA_TOKEN_CODE> <SERIAL_NUMBER>"
  echo "Where:"
  echo "   <MFA_TOKEN_CODE> = Code from virtual MFA device"
  echo "   <SERIAL_NUMBER> = Assigned MFA device in your security credentials"
  echo "   EXAMPLE = $0 652774 arn:aws:iam::0185xxx58827:mfa/Ernesto"
  exit 2
fi

AWS_2AUTH_PROFILE=2auth
MFA_TOKEN_CODE=$1
SERIAL_NUMBER $2

echo "AWS-CLI Profile: $AWS_CLI_PROFILE"
echo "SERIAL_NUMBER: $SERIAL_NUMBER"
echo "MFA Token Code: $MFA_TOKEN_CODE"
set -x

read AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN <<< \
$( aws --serial-number $SERIAL_NUMBER \
  --token-code $MFA_TOKEN_CODE \
  --output text  | awk '{ print $2, $4, $5 }')

echo "AWS_ACCESS_KEY_ID: " $AWS_ACCESS_KEY_ID
echo "AWS_SECRET_ACCESS_KEY: " $AWS_SECRET_ACCESS_KEY
echo "AWS_SESSION_TOKEN: " $AWS_SESSION_TOKEN

if [ -z "$AWS_ACCESS_KEY_ID" ]
then
  exit 1
fi

`aws --profile $AWS_2AUTH_PROFILE configure set aws_access_key_id "$AWS_ACCESS_KEY_ID"`
`aws --profile $AWS_2AUTH_PROFILE configure set aws_secret_access_key "$AWS_SECRET_ACCESS_KEY"`
`aws --profile $AWS_2AUTH_PROFILE configure set aws_session_token "$AWS_SESSION_TOKEN"`

config

~/.aws/config
[default]
region = eu-west-1

credentials

~/.aws/credentials

[userName]
aws_access_key_id: AxxxxxxxxxxxxxxxxxQ
aws_secret_access_key: hxxxxxxxxxxxxxxxxxx4

[2auth]
aws_access_key_id = AxxxxxxxxxxxxxxxxxA
aws_secret_access_key = pxxxxxxxxxxxxxxxxxxxxxy
aws_session_token = AxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxF

usage

$ aws --profile 2auth ec2 describe-instances