Script to generate AWS STS token
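#!/bin/bash
#
# Get temporary session credentials from AWS STS using an MFA code and store
# them in a dedicated AWS CLI profile.
#
# Equivalent manual call:
#   aws sts get-session-token \
#     --serial-number arn:aws:iam::012345678901:mfa/user --token-code 012345
#
# Based on : https://gist.github.com/ogavrisevs/2debdcb96d3002a9cbf2
#
# Usage: <script> <MFA_TOKEN_CODE> <SERIAL_NUMBER>
#
# Security notes:
#   - Shell tracing (set -x) is deliberately NOT enabled: it would print the
#     secret access key and session token to stderr, and from there into
#     terminal scrollback, CI logs or log collectors.
#   - Only the access key ID is echoed; the secret access key and the session
#     token are written to the profile and never printed.

# 'command -v' is the portable way to locate a program; its exit status is
# tested directly instead of inspecting $? afterwards.
if ! AWS_CLI=$(command -v aws); then
  echo "AWS CLI is not installed; exiting" >&2
  exit 1
fi
echo "Using AWS CLI found at $AWS_CLI"

if [ $# -ne 2 ]; then
  echo "Usage: $0 <MFA_TOKEN_CODE> <SERIAL_NUMBER>"
  echo "Where:"
  echo " <MFA_TOKEN_CODE> = Code from virtual MFA device"
  echo " <SERIAL_NUMBER> = Assigned MFA device in your security credentials"
  echo " EXAMPLE = $0 652774 arn:aws:iam::0185xxx58827:mfa/Ernesto"
  exit 2
fi

# Profile that receives the temporary credentials.
AWS_2AUTH_PROFILE=2auth
MFA_TOKEN_CODE=$1
SERIAL_NUMBER=$2

# The profile variable defined in this script is AWS_2AUTH_PROFILE; printing an
# undefined name here would always show an empty value.
echo "AWS-CLI Profile: $AWS_2AUTH_PROFILE"
echo "SERIAL_NUMBER: $SERIAL_NUMBER"
echo "MFA Token Code: $MFA_TOKEN_CODE"

# Capture the STS response first so that a failed call is detected by its exit
# status rather than by an empty variable later on.
if ! sts_output=$(aws sts get-session-token \
  --serial-number "$SERIAL_NUMBER" \
  --token-code "$MFA_TOKEN_CODE" \
  --output text); then
  echo "aws sts get-session-token failed; no credentials were written" >&2
  exit 1
fi

# Fields 2, 4 and 5 of the text output are taken as access key ID, secret
# access key and session token (same column selection as before).
read -r AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN \
  <<< "$(awk '{ print $2, $4, $5 }' <<< "$sts_output")"

# Refuse to write a partial credential set into the profile.
if [ -z "$AWS_ACCESS_KEY_ID" ] \
  || [ -z "$AWS_SECRET_ACCESS_KEY" ] \
  || [ -z "$AWS_SESSION_TOKEN" ]; then
  echo "Could not parse credentials from the STS response" >&2
  exit 1
fi

# The access key ID identifies the credential but is not secret by itself.
echo "AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID"
echo "AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN received (not displayed)"

# Run the commands directly. Wrapping them in backticks would make the shell
# try to execute whatever they print as a further command.
# NOTE: 'aws configure set' takes the value as a command-line argument, so it
# can be visible to other local users in the process list while it runs.
aws --profile "$AWS_2AUTH_PROFILE" configure set \
  aws_access_key_id "$AWS_ACCESS_KEY_ID" || exit 1
aws --profile "$AWS_2AUTH_PROFILE" configure set \
  aws_secret_access_key "$AWS_SECRET_ACCESS_KEY" || exit 1
aws --profile "$AWS_2AUTH_PROFILE" configure set \
  aws_session_token "$AWS_SESSION_TOKEN" || exit 1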
~/.aws/config
[default]
region = eu-west-1
~/.aws/credentials
[userName]
aws_access_key_id: AxxxxxxxxxxxxxxxxxQ
aws_secret_access_key: hxxxxxxxxxxxxxxxxxx4
[2auth]
aws_access_key_id = AxxxxxxxxxxxxxxxxxA
aws_secret_access_key = pxxxxxxxxxxxxxxxxxxxxxy
aws_session_token = AxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxF
$ aws --profile 2auth ec2 describe-instances