Outputs temporary AWS keypair credentials for user protected with MFA, formatted for inclusion in ~/.aws/credentials file

get-temp-mfa-keys.py

#!/usr/bin/python3
import boto3
import click

@click.group()
@click.option('--profile', default=None, help="Initial AWS Profile")
def cli(profile, token=123456):
    global session

    global conf
    
    # ToDo: Update with ARN to YOUR token's serial number
    conf = {
            "tokenSerial":"arn:aws:iam::<AWS_ACCOUNT_NUMBER:mfa/<USER>",
            }

    if profile:
        session = boto3.Session(profile_name=profile)
    else:
        session = boto3.Session()

    return

@cli.command('get-token')
@click.option('--token', default=None, help="MFA token code")
def get_token(token):

    if not token:
        raise Exception ("No MFA token provided")

    client = session.client("sts")

    temp_session = client.get_session_token(
        SerialNumber = conf["tokenSerial"],
        TokenCode = token
    )
    
    # ToDo Update [*] with meaningful profile name
    print("[TemporaryProfile]")
    print("aws_secret_access_key = %s" %(temp_session["Credentials"]["SecretAccessKey"]))
    print("aws_access_key_id = %s" %(temp_session["Credentials"]["AccessKeyId"]))
    print("aws_session_token = %s" %(temp_session["Credentials"]["SessionToken"]))
    
    return

if __name__ == "__main__":
    cli()