@hayajo
Last active June 16, 2023 02:19
Script for MFA authentication with the AWS CLI
#!/usr/bin/env bash
# Obtain temporary STS credentials with an MFA code and store them in a
# separate "<profile>-mfa" profile. Requires aws, jq and fzf.

MFA_PROFILE_SUFFIX="-mfa"

# Choose the base profile interactively; profiles that already end in the
# MFA suffix are filtered out of the list.
AWS_PROFILE="$(aws configure list-profiles | grep -v -e "$MFA_PROFILE_SUFFIX\$" | fzf)"
if [ -z "$AWS_PROFILE" ]; then
  echo "Please select profile" >&2
  exit 1
fi

printf "Input %q MFA: " "$AWS_PROFILE"
read -r TOKEN_CODE

# Use the first MFA device registered for the IAM user behind the profile.
SERIAL_NUMBER=$(aws iam --profile="$AWS_PROFILE" list-mfa-devices | jq -r '.MFADevices[0].SerialNumber // empty')
if [ -z "$SERIAL_NUMBER" ]; then
  echo 'Failed to get Serial Number' >&2
  exit 1
fi

# Exchange the long-lived key plus the MFA code for temporary credentials.
SESSION_JSON=$(aws --profile="$AWS_PROFILE" sts get-session-token --serial-number="$SERIAL_NUMBER" --token-code="$TOKEN_CODE" --output=json)
# shellcheck disable=SC2181
if [ $? -ne 0 ]; then
  echo 'Failed to get session token' >&2
  exit 1
fi

MFA_ACCESS_KEY=$(echo "$SESSION_JSON" | jq -r '.Credentials.AccessKeyId')
MFA_SECRET_ACCESS_KEY=$(echo "$SESSION_JSON" | jq -r '.Credentials.SecretAccessKey')
MFA_SESSION_TOKEN=$(echo "$SESSION_JSON" | jq -r '.Credentials.SessionToken')
MFA_EXPIRATION=$(echo "$SESSION_JSON" | jq -r '.Credentials.Expiration')

## The MFA profile name is AWS_PROFILE with the suffix appended
MFA_PROFILE_NAME="${AWS_PROFILE}${MFA_PROFILE_SUFFIX}"

# Store the temporary credentials under the MFA profile.
aws --profile="$MFA_PROFILE_NAME" configure set aws_access_key_id "$MFA_ACCESS_KEY"
aws --profile="$MFA_PROFILE_NAME" configure set aws_secret_access_key "$MFA_SECRET_ACCESS_KEY"
aws --profile="$MFA_PROFILE_NAME" configure set aws_session_token "$MFA_SESSION_TOKEN"

# Output the result in JSON format
jq -n '{ profile: $profile, expiration: $expiration }' \
  --arg profile "$MFA_PROFILE_NAME" \
  --arg expiration "$MFA_EXPIRATION"