Temporary credentials for an Amazon Web Services account or IAM user. The credentials consist of an access key ID, a secret access key, and a security token.
#r "nuget:AWSSDK.SecurityToken"
open Amazon
open Amazon.Runtime.CredentialManagement
open Amazon.SecurityToken
open Amazon.SecurityToken.Model
/// Resolves the long-lived credentials stored under `profile` in the shared
/// config/credentials files. Fails with a descriptive message when the profile
/// name is unknown, so the caller never sees a null credentials object.
let awsCredentials profile =
    let found, credentials = CredentialProfileStoreChain().TryGetAWSCredentials profile
    if not found then
        failwith $"invalid profile name '{profile}'"
    credentials
/// Builds the STS GetSessionToken request for an MFA-protected call.
/// `serialNumber` is the MFA device ARN/serial, `tokenCode` the current code
/// from that device, and `durationSeconds` the requested credential lifetime.
let sessionTokenRequest serialNumber durationSeconds tokenCode =
    let request = GetSessionTokenRequest()
    request.SerialNumber <- serialNumber
    request.TokenCode <- tokenCode
    request.DurationSeconds <- durationSeconds
    request
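/// Sends `sessionTokenRequest` to STS and returns the response.
/// The client is disposed when the call completes or throws, so callers must
/// not reuse it afterwards. An STS service error is re-raised as a generic
/// exception carrying the service message; the original exception is kept as
/// InnerException so the error code and request id remain available for
/// diagnosis.
let sessionTokenResponse sessionTokenRequest (client: AmazonSecurityTokenServiceClient) =
    try
        use _ = client
        // Blocking wait on the async call; acceptable for a one-shot script.
        client.GetSessionTokenAsync(request = sessionTokenRequest).GetAwaiter().GetResult()
    with :? AmazonSecurityTokenServiceException as e ->
        // Same exception type as `failwith` (System.Exception), but the cause is preserved.
        raise (System.Exception(e.Message, e))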
/// Converts the temporary STS `Credentials` into the option set used to write
/// a credential profile: access key, secret key and session token.
let profileOptions (credentials: Credentials) =
    let options = CredentialProfileOptions()
    options.AccessKey <- credentials.AccessKeyId
    options.SecretKey <- credentials.SecretAccessKey
    options.Token <- credentials.SessionToken
    options
/// Creates a credential profile named `profileName` for `region` from the
/// given options.
let profile profileName region profileOptions =
    let credentialProfile = CredentialProfile(profileName, profileOptions)
    credentialProfile.Region <- region
    credentialProfile
/// Persists `profile` into the shared credentials file (the SDK's default
/// location is typically ~/.aws/credentials). Note the session token is stored
/// there in plaintext, so the file's permissions matter.
let registerProfile profile =
    SharedCredentialsFile().RegisterProfile(profile)
/// Builds an STS client from `credentials`. Ownership of the client passes to
/// the caller; `sessionTokenResponse` disposes it after the call.
let stsClient (credentials: Amazon.Runtime.AWSCredentials) =
    new AmazonSecurityTokenServiceClient(credentials)
/// Obtains MFA-backed session credentials using the long-lived keys of
/// `mfaProfile` and writes them to the `default` profile of the shared
/// credentials file. Despite the name, nothing is revoked: a fresh session
/// token is issued and whatever `default` profile exists is overwritten by the
/// registration.
let revokeTempProfile mfaProfile serialNumber region mfaCode =
    // 129_600 s = 36 h, the upper bound GetSessionToken accepts for IAM-user callers.
    let request = sessionTokenRequest serialNumber 129_600 mfaCode
    let client = stsClient (awsCredentials mfaProfile)
    let response = sessionTokenResponse request client
    let options = profileOptions response.Credentials
    registerProfile (profile "default" region options)
// Read the current MFA code from stdin, then replace the `default` profile with
// session credentials. The angle-bracket placeholders must be filled in before
// running the script.
let mfaCode = System.Console.ReadLine()
revokeTempProfile <mfa profile> <mfa serial number> <region> mfaCode
printfn "Done!!!"
#r "nuget:AWSSDK.SSOOIDC"
#r "nuget:AWSSDK.SSO"
open System.Diagnostics
open Amazon
open Amazon.Runtime.CredentialManagement
open Amazon.Runtime
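/// Resolves `profile` from the shared config/credentials files and returns it
/// as SSO credentials with a browser-based verification callback attached.
/// Fails with a message naming the profile when it is missing or when it is
/// not an SSO profile (the original unchecked downcast would surface as an
/// InvalidCastException with no hint of which profile was wrong).
let ssoCredentials profile =
    let chain = CredentialProfileStoreChain()
    let credentials =
        match chain.TryGetAWSCredentials profile with
        | true, value -> value
        | false, _ -> failwith $"Failed to find the {profile} profile"
    let ssoCredentials =
        match credentials with
        | :? SSOAWSCredentials as sso -> sso
        | _ -> failwith $"profile '{profile}' does not resolve to SSO credentials"
    ssoCredentials.Options.ClientName <- "Example-SSO-App"
    ssoCredentials.Options.SsoVerificationCallback <- fun args ->
        // Launch a browser window that prompts the SSO user to complete an SSO sign-in.
        // This method is only invoked if the session doesn't already have a valid SSO token.
        // NOTE: Process.Start might not support launching a browser on macOS or Linux. If not,
        // use an appropriate mechanism on those systems instead.
        // UseShellExecute hands the URI to the OS URL handler; it is the verification
        // URL returned by the SSO-OIDC service and is expected to be an https URL.
        Process.Start(ProcessStartInfo(
            FileName = args.VerificationUriComplete,
            UseShellExecute = true
        )) |> ignore
    ssoCredentials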
/// Maps a snapshot of resolved SSO credentials onto the option set used to
/// write a credential profile (access key, secret key, session token).
let ssoProfileOptions (credentials: ImmutableCredentials) =
    let opts = CredentialProfileOptions()
    opts.AccessKey <- credentials.AccessKey
    opts.SecretKey <- credentials.SecretKey
    opts.Token <- credentials.Token
    opts
/// Builds a credential profile called `profileName`, bound to `region`, from
/// `profileOptions`.
let profile profileName region profileOptions =
    let p = CredentialProfile(profileName, profileOptions)
    p.Region <- region
    p
/// Writes `profile` into the shared credentials file. The token ends up on
/// disk in plaintext (typically under ~/.aws/credentials), so keep that file
/// readable by the current user only.
let registerProfile profile =
    let store = SharedCredentialsFile()
    store.RegisterProfile profile
/// Resolves `ssoProfile` through SSO (prompting for sign-in if needed) and
/// copies the resulting short-lived credentials into the `default` profile of
/// the shared credentials file, replacing whatever is registered there.
let revokeTempProfileSSO ssoProfile region =
    let sso = ssoCredentials ssoProfile
    let snapshot = sso.GetCredentials()
    let options = ssoProfileOptions snapshot
    registerProfile (profile "default" region options)
// Entry point: fill in the angle-bracket placeholders before running.
revokeTempProfileSSO <sso profile> <region>
printfn "Done!!!"
#r "nuget:AWSSDK.SSOOIDC"
#r "nuget:AWSSDK.SSO"
open System.Diagnostics
open Amazon
open Amazon.Runtime.CredentialManagement
open Amazon.Runtime
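/// Runs `aws sso login --profile <profile>` via the AWS CLI so a valid SSO token
/// is cached, then resolves `profile` and returns it as SSO credentials.
/// Fails when the CLI exits non-zero (with its stderr output), when the profile
/// is missing, or when it is not an SSO profile.
let ssoCredentials profile =
    let startInfo =
        ProcessStartInfo(
            FileName = "aws",
            UseShellExecute = false,
            RedirectStandardOutput = true,
            RedirectStandardError = true)
    // ArgumentList passes each argument as-is; a profile name containing spaces
    // or quotes is no longer re-split when the CLI parses its command line.
    for arg in [ "sso"; "login"; "--profile"; profile ] do
        startInfo.ArgumentList.Add arg
    use process' = new Process(StartInfo = startInfo)
    // stderr is drained asynchronously: reading it only after WaitForExit can deadlock
    // once the child fills the redirected pipe buffer.
    let errors = System.Text.StringBuilder()
    process'.OutputDataReceived.AddHandler(fun _ e -> printfn "%s" e.Data)
    process'.ErrorDataReceived.AddHandler(fun _ e ->
        // e.Data is null when the stream closes.
        if not (isNull e.Data) then errors.AppendLine e.Data |> ignore)
    process'.Start() |> ignore
    process'.BeginOutputReadLine()
    process'.BeginErrorReadLine()
    process'.WaitForExit()
    if process'.ExitCode <> 0 then
        failwithf "%s" (errors.ToString())
    // The original ignored the lookup result and downcast a possibly-null value;
    // report a missing or non-SSO profile explicitly instead.
    let chain = CredentialProfileStoreChain()
    match chain.TryGetAWSCredentials profile with
    | true, (:? SSOAWSCredentials as sso) -> sso
    | true, _ -> failwith $"profile '{profile}' does not resolve to SSO credentials"
    | false, _ -> failwith $"Failed to find the {profile} profile"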
/// Turns resolved SSO credentials into profile options: access key, secret key
/// and session token.
let ssoProfileOptions (credentials: ImmutableCredentials) =
    let profileOptions = CredentialProfileOptions()
    profileOptions.AccessKey <- credentials.AccessKey
    profileOptions.SecretKey <- credentials.SecretKey
    profileOptions.Token <- credentials.Token
    profileOptions
/// Creates the credential profile `profileName` for `region` using
/// `profileOptions`.
let profile profileName region profileOptions =
    let result = CredentialProfile(profileName, profileOptions)
    result.Region <- region
    result
/// Registers `profile` in the shared credentials file (plaintext on disk,
/// typically ~/.aws/credentials).
let registerProfile profile =
    let credentialsFile = SharedCredentialsFile()
    credentialsFile.RegisterProfile(profile)
/// Logs in through the AWS CLI for `ssoProfile`, resolves its short-lived
/// credentials and writes them to the `default` profile of the shared
/// credentials file, replacing the existing `default` entry.
let revokeTempProfileSSO ssoProfile region =
    ssoProfile
    |> ssoCredentials
    |> fun sso -> sso.GetCredentials()
    |> ssoProfileOptions
    |> fun options -> profile "default" region options
    |> registerProfile
// Entry point: replace the angle-bracket placeholders with the SSO profile
// name and region before running.
revokeTempProfileSSO <sso profile> <region>
System.Console.WriteLine "Done!!!"