Skip to content

Instantly share code, notes, and snippets.

@graphaelli

graphaelli/aws-session-env.py

Created December 29, 2017 18:21
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save graphaelli/588b696c3f0fd4c2aec886d4888141ca to your computer and use it in GitHub Desktop.
Save graphaelli/588b696c3f0fd4c2aec886d4888141ca to your computer and use it in GitHub Desktop.
Download ZIP
Export environment variables for AWS cli w/MFA.
Raw
aws-session-env.py
#!/usr/bin/env python
"""Export environment variables for AWS cli w/MFA.
eval $(aws-session-env.py $1)
"""
import argparse
import os
import boto3
MFA_ACCOUNT=''
MFA_USER=''
def main():
parser = argparse.ArgumentParser()
parser.add_argument('-d', '--duration', type=int, default=129600)
parser.add_argument('-m', '--mfa-device', type=str, default=f'arn:aws:iam::{MFA_ACCOUNT}:mfa/{MFA_USER}')
parser.add_argument('-p', '--profile', type=str, default=os.getenv('AWS_PROFILE'))
parser.add_argument('token_code')
args = parser.parse_args()
session_args = {}
if args.profile:
session_args['profile_name'] = args.profile
session = boto3.Session(**session_args)
client = session.client('sts')
token = client.get_session_token(
DurationSeconds=args.duration,
SerialNumber=args.mfa_device,
TokenCode=args.token_code,
)
creds = token['Credentials']
print("export AWS_ACCESS_KEY_ID={key}\nexport AWS_SECRET_ACCESS_KEY={secret}\nexport AWS_SESSION_TOKEN={token}\n".format(
key=creds['AccessKeyId'],
secret=creds['SecretAccessKey'],
token=creds['SessionToken'],
))
if __name__ == '__main__':
main()
@graphaelli
Copy link
Author

useful with a shell function:

aws-session-env () 
{ 
    eval $(aws-session-env.py $1)
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment