Skip to content

Instantly share code, notes, and snippets.

Created November 14, 2020 09:52
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
Outputs temporary AWS keypair credentials for user protected with MFA, formatted for inclusion in ~/.aws/credentials file
import boto3
import click
@click.option('--profile', default=None, help="Initial AWS Profile")
def cli(profile, token=123456):
global session
global conf
# ToDo: Update with ARN to YOUR token's serial number
conf = {
if profile:
session = boto3.Session(profile_name=profile)
session = boto3.Session()
@click.option('--token', default=None, help="MFA token code")
def get_token(token):
if not token:
raise Exception ("No MFA token provided")
client = session.client("sts")
temp_session = client.get_session_token(
SerialNumber = conf["tokenSerial"],
TokenCode = token
# ToDo Update [*] with meaningful profile name
print("aws_secret_access_key = %s" %(temp_session["Credentials"]["SecretAccessKey"]))
print("aws_access_key_id = %s" %(temp_session["Credentials"]["AccessKeyId"]))
print("aws_session_token = %s" %(temp_session["Credentials"]["SessionToken"]))
if __name__ == "__main__":
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment