Skip to content

Instantly share code, notes, and snippets.

Created Nov 14, 2020
What would you like to do?
Outputs temporary AWS keypair credentials for user protected with MFA, formatted for inclusion in ~/.aws/credentials file
import boto3
import click
@click.option('--profile', default=None, help="Initial AWS Profile")
def cli(profile, token=123456):
global session
global conf
# ToDo: Update with ARN to YOUR token's serial number
conf = {
if profile:
session = boto3.Session(profile_name=profile)
session = boto3.Session()
@click.option('--token', default=None, help="MFA token code")
def get_token(token):
if not token:
raise Exception ("No MFA token provided")
client = session.client("sts")
temp_session = client.get_session_token(
SerialNumber = conf["tokenSerial"],
TokenCode = token
# ToDo Update [*] with meaningful profile name
print("aws_secret_access_key = %s" %(temp_session["Credentials"]["SecretAccessKey"]))
print("aws_access_key_id = %s" %(temp_session["Credentials"]["AccessKeyId"]))
print("aws_session_token = %s" %(temp_session["Credentials"]["SessionToken"]))
if __name__ == "__main__":
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment