Skip to content

Instantly share code, notes, and snippets.

@infosanity

infosanity/get-temp-mfa-keys.py Secret

Created Nov 14, 2020
Embed
What would you like to do?
Outputs temporary AWS keypair credentials for user protected with MFA, formatted for inclusion in ~/.aws/credentials file
#!/usr/bin/python3
import boto3
import click
@click.group()
@click.option('--profile', default=None, help="Initial AWS Profile")
def cli(profile, token=123456):
global session
global conf
# ToDo: Update with ARN to YOUR token's serial number
conf = {
"tokenSerial":"arn:aws:iam::<AWS_ACCOUNT_NUMBER:mfa/<USER>",
}
if profile:
session = boto3.Session(profile_name=profile)
else:
session = boto3.Session()
return
@cli.command('get-token')
@click.option('--token', default=None, help="MFA token code")
def get_token(token):
if not token:
raise Exception ("No MFA token provided")
client = session.client("sts")
temp_session = client.get_session_token(
SerialNumber = conf["tokenSerial"],
TokenCode = token
)
# ToDo Update [*] with meaningful profile name
print("[TemporaryProfile]")
print("aws_secret_access_key = %s" %(temp_session["Credentials"]["SecretAccessKey"]))
print("aws_access_key_id = %s" %(temp_session["Credentials"]["AccessKeyId"]))
print("aws_session_token = %s" %(temp_session["Credentials"]["SessionToken"]))
return
if __name__ == "__main__":
cli()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.