@flypenguin
Created July 20, 2022 01:03
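# gat = (G)et (A)ws session(T)oken
#
# Interactively exchanges the credentials currently in effect plus an MFA code
# for temporary STS session credentials and exports them into the calling
# shell (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN).
#
# Arguments: $1 - "-f" to request a new token even if AWS_SESSION_TOKEN is set
# Requires:  aws (CLI) and jq on PATH
# Returns:   0 if a session token is already active or a new one was exported,
#            1 on abort or on any failure (the AWS_* variables are then put
#            back exactly as they were, including "unset").
#
# Security notes:
#   * The exported credentials are inherited by every child process of this
#     shell for the token lifetime (8h).
#   * The MFA code and the raw STS response (which contains the secret key)
#     are kept in function-local variables so they do not linger in the shell
#     after the function returns.

# Restore one environment variable.
# $1 - variable name, $2 - non-empty if it was set before, $3 - previous value
_gat_restore_var() {
  if [ -n "$2" ]; then
    export "$1=$3"
  else
    # It was unset before; exporting an empty value would not be the same.
    unset "$1"
  fi
}

# Restore all AWS_* variables from gat's backup locals. Must only be called
# from gat: it reads the caller's local variables through dynamic scoping.
_gat_restore_env() {
  _gat_restore_var AWS_PROFILE "$APRO_SET" "$APRO_BACKUP"
  _gat_restore_var AWS_ACCESS_KEY_ID "$AKID_SET" "$AKID_BACKUP"
  _gat_restore_var AWS_SECRET_ACCESS_KEY "$ASAK_SET" "$ASAK_BACKUP"
  _gat_restore_var AWS_SESSION_TOKEN "$ASET_SET" "$ASET_BACKUP"
}

gat() {
  local TOKEN_DURATION=28800 # 8h
  # Previous values, plus a flag telling "set" apart from "unset".
  local APRO_BACKUP=${AWS_PROFILE-} APRO_SET=${AWS_PROFILE+x}
  local AKID_BACKUP=${AWS_ACCESS_KEY_ID-} AKID_SET=${AWS_ACCESS_KEY_ID+x}
  local ASAK_BACKUP=${AWS_SECRET_ACCESS_KEY-} ASAK_SET=${AWS_SECRET_ACCESS_KEY+x}
  local ASET_BACKUP=${AWS_SESSION_TOKEN-} ASET_SET=${AWS_SESSION_TOKEN+x}
  # Scratch values; local so that secrets do not leak into the shell.
  local PROFILE_INPUT MFA_TOKEN MFA_ARN DEVICES_JSON SESSION_TOKEN_JSON
  local NEW_AKID NEW_ASAK NEW_ASET

  if [ -n "${AWS_SESSION_TOKEN-}" ] && [ "${1-}" != "-f" ]; then
    echo "Seems we are already using a session token, use -f to override."
    return 0
  fi

  printf '%s' "AWS profile to use (ENTER for none): "
  read -r PROFILE_INPUT
  if [ -n "$PROFILE_INPUT" ]; then
    echo "Using AWS profile '$PROFILE_INPUT'"
    export AWS_PROFILE="$PROFILE_INPUT"
  else
    unset AWS_PROFILE
  fi

  printf '%s' "Enter MFA token value (ENTER to abort): "
  read -r MFA_TOKEN
  if [ -z "$MFA_TOKEN" ]; then
    echo "Abort."
    # AWS_PROFILE was already changed above; undo that before leaving.
    _gat_restore_env
    return 1
  fi

  # With -f, drop the active session credentials so the CLI resolves
  # credentials from the profile / config instead of the old session.
  if [ -n "${AWS_SESSION_TOKEN-}" ]; then
    unset AWS_SESSION_TOKEN
    unset AWS_ACCESS_KEY_ID
    unset AWS_SECRET_ACCESS_KEY
  fi

  # Run aws on its own: in "aws | jq" only jq's exit status is visible, so an
  # aws failure would go unnoticed. --output json keeps jq working even when
  # the CLI is configured for text or table output.
  if ! DEVICES_JSON=$(aws iam list-mfa-devices --output json); then
    _gat_restore_env
    return 1
  fi
  MFA_ARN=$(printf '%s' "$DEVICES_JSON" | jq -r '.MFADevices[0].SerialNumber')
  # jq -r prints the literal string "null" when no device is registered.
  if [ -z "$MFA_ARN" ] || [ "$MFA_ARN" = "null" ]; then
    echo "No MFA device found for the current credentials." >&2
    _gat_restore_env
    return 1
  fi

  if ! SESSION_TOKEN_JSON=$(aws sts get-session-token \
      --serial-number "$MFA_ARN" \
      --token-code "$MFA_TOKEN" \
      --duration-seconds "$TOKEN_DURATION" \
      --output json); then
    _gat_restore_env
    return 1
  fi

  # Extract everything first and export only a complete credential set, so a
  # malformed response cannot leave a half-updated environment behind.
  NEW_AKID=$(printf '%s' "$SESSION_TOKEN_JSON" | jq -r '.Credentials.AccessKeyId')
  NEW_ASAK=$(printf '%s' "$SESSION_TOKEN_JSON" | jq -r '.Credentials.SecretAccessKey')
  NEW_ASET=$(printf '%s' "$SESSION_TOKEN_JSON" | jq -r '.Credentials.SessionToken')
  if [ -z "$NEW_AKID" ] || [ "$NEW_AKID" = "null" ] ||
     [ -z "$NEW_ASAK" ] || [ "$NEW_ASAK" = "null" ] ||
     [ -z "$NEW_ASET" ] || [ "$NEW_ASET" = "null" ]; then
    echo "Could not read credentials from the STS response." >&2
    _gat_restore_env
    return 1
  fi

  export AWS_ACCESS_KEY_ID="$NEW_AKID"
  export AWS_SECRET_ACCESS_KEY="$NEW_ASAK"
  export AWS_SESSION_TOKEN="$NEW_ASET"
  # The exported keys now take the place of the profile.
  unset AWS_PROFILE
  return 0
}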