Outputs temporary AWS credentials (access key ID, secret access key and session token) for an MFA-protected user, formatted for inclusion in the ~/.aws/credentials file.
#!/usr/bin/python3 | |
import boto3 | |
import click | |
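@click.group()
@click.option('--profile', default=None, help="Initial AWS Profile")
def cli(profile, token=123456):
    """Prepare the shared boto3 session and MFA settings used by the subcommands.

    Args:
        profile: Name of the AWS profile whose long-term credentials are used
            to call STS. When empty, boto3 falls back to its default
            credential resolution.
        token: Unused. No click option feeds it and the body never reads it;
            the MFA code is taken by the ``get-token`` subcommand. The default
            is not a working MFA code and is kept only so the signature stays
            as it was.
    """
    global session
    global conf
    # ToDo: Update with ARN to YOUR token's serial number
    # The value below is a placeholder (the original was missing the closing
    # ">" after AWS_ACCOUNT_NUMBER). STS rejects the request until it is
    # replaced with the serial of the MFA device assigned to the calling user.
    conf = {
        "tokenSerial": "arn:aws:iam::<AWS_ACCOUNT_NUMBER>:mfa/<USER>",
    }
    # profile_name=None makes boto3 behave exactly like a bare Session().
    session = boto3.Session(profile_name=profile or None)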
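@cli.command('get-token')
@click.option('--token', default=None, help="MFA token code")
def get_token(token):
    """Exchange an MFA code for temporary STS credentials and print them.

    The output is an INI-style profile section suitable for pasting into
    ~/.aws/credentials.

    Args:
        token: Current one-time code from the MFA device named in
            ``conf["tokenSerial"]``.

    Raises:
        click.UsageError: If no ``--token`` value was supplied. It is still an
            ``Exception`` subclass, but click reports it as a usage error
            instead of dumping a traceback.
    """
    if not token:
        raise click.UsageError("No MFA token provided")

    sts = session.client("sts")
    # No DurationSeconds is passed, so STS applies its default lifetime for
    # GetSessionToken (12 hours). The response also carries an Expiration
    # timestamp, which is not printed here.
    response = sts.get_session_token(
        SerialNumber=conf["tokenSerial"],
        TokenCode=token,
    )
    creds = response["Credentials"]

    # ToDo Update [*] with meaningful profile name
    # Everything printed below is a live secret until the session expires.
    # Redirect stdout straight into the credentials file (kept at mode 0600)
    # rather than leaving it in terminal scrollback, shell logging or CI job
    # output.
    print("[TemporaryProfile]")
    print("aws_secret_access_key = %s" % creds["SecretAccessKey"])
    print("aws_access_key_id = %s" % creds["AccessKeyId"])
    print("aws_session_token = %s" % creds["SessionToken"])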
# Run the click command group only when executed as a script, not on import.
if __name__ == "__main__":
    cli()