lokori/awsenv.sh

## awsenv.sh
#!/bin/bash

# Original: https://gist.github.com/woowa-hsw0/caa3340e2a7b390dbde81894f73e379d

set -eu
umask 0022

TMPDIR=$(mktemp -d awsenv)

echo "TEMPDIR $TMPDIR"

if [[ $# -ge 1 ]]; then
    AWS_PROFILE="$1"
else
    read -p 'Enter AWS_PROFILE: ' AWS_PROFILE
fi

caller_identity=($(aws --profile "$AWS_PROFILE" sts get-caller-identity --output text))


AWS_ACCOUNT_NUMBER="${caller_identity[0]}"
AWS_IAM_USER_ARN="${caller_identity[1]}"
AWS_IAM_USERNAME="$(basename "$AWS_IAM_USER_ARN")"
MFA_SERIAL="arn:aws:iam::$AWS_ACCOUNT_NUMBER:mfa/$AWS_IAM_USERNAME"

echo "AWS Account number: $AWS_ACCOUNT_NUMBER"
echo "IAM Username: $AWS_IAM_USERNAME"
echo "MFA Serial: $MFA_SERIAL"

if ykman oath info > "$TMPDIR/yk-oath-info" 2>&1 ; then
    echo "Trying to read MFA code from Yubikey."
    cat "$TMPDIR/yk-oath-info"
    rm -f "$TMPDIR/yk-oath-info"

    ykman oath code "$AWS_PROFILE" 2>&1 | tee "$TMPDIR/yk-mfa-code"
    # take the last field, the name of the MFA token can contain spaces (Amazon Web Services ...)
    otp_token=$(grep -F "$AWS_PROFILE" "$TMPDIR/yk-mfa-code" | rev | cut -d' ' -f1 |rev)
    echo "TOKEN $otp_token"
    rm -f "$TMPDIR/yk-mfa-code"
    [[ -z "$otp_token" ]] && exit 1
else
    read -p 'Enter MFA code: ' otp_token
fi

session_token=($(aws --profile "$AWS_PROFILE" sts get-session-token --serial-number $MFA_SERIAL --token-code $otp_token --query 'Credentials.[AccessKeyId,SecretAccessKey\
,SessionToken]' --output text))
export AWS_ACCESS_KEY_ID="${session_token[0]}" AWS_SECRET_ACCESS_KEY="${session_token[1]}" AWS_SESSION_TOKEN="${session_token[2]}"

aws sts get-caller-identity

rm -Rf "$TMPDIR"

echo "All set, aws configured"
	#!/bin/bash

	# Original: https://gist.github.com/woowa-hsw0/caa3340e2a7b390dbde81894f73e379d

	set -eu
	umask 0022

	TMPDIR=$(mktemp -d awsenv)

	echo "TEMPDIR $TMPDIR"

	if [[ $# -ge 1 ]]; then
	AWS_PROFILE="$1"
	else
	read -p 'Enter AWS_PROFILE: ' AWS_PROFILE
	fi

	caller_identity=($(aws --profile "$AWS_PROFILE" sts get-caller-identity --output text))


	AWS_ACCOUNT_NUMBER="${caller_identity[0]}"
	AWS_IAM_USER_ARN="${caller_identity[1]}"
	AWS_IAM_USERNAME="$(basename "$AWS_IAM_USER_ARN")"
	MFA_SERIAL="arn:aws:iam::$AWS_ACCOUNT_NUMBER:mfa/$AWS_IAM_USERNAME"

	echo "AWS Account number: $AWS_ACCOUNT_NUMBER"
	echo "IAM Username: $AWS_IAM_USERNAME"
	echo "MFA Serial: $MFA_SERIAL"

	if ykman oath info > "$TMPDIR/yk-oath-info" 2>&1 ; then
	echo "Trying to read MFA code from Yubikey."
	cat "$TMPDIR/yk-oath-info"
	rm -f "$TMPDIR/yk-oath-info"

	ykman oath code "$AWS_PROFILE" 2>&1 \| tee "$TMPDIR/yk-mfa-code"
	# take the last field, the name of the MFA token can contain spaces (Amazon Web Services ...)
	otp_token=$(grep -F "$AWS_PROFILE" "$TMPDIR/yk-mfa-code" \| rev \| cut -d' ' -f1 \|rev)
	echo "TOKEN $otp_token"
	rm -f "$TMPDIR/yk-mfa-code"
	[[ -z "$otp_token" ]] && exit 1
	else
	read -p 'Enter MFA code: ' otp_token
	fi

	session_token=($(aws --profile "$AWS_PROFILE" sts get-session-token --serial-number $MFA_SERIAL --token-code $otp_token --query 'Credentials.[AccessKeyId,SecretAccessKey\
	,SessionToken]' --output text))
	export AWS_ACCESS_KEY_ID="${session_token[0]}" AWS_SECRET_ACCESS_KEY="${session_token[1]}" AWS_SESSION_TOKEN="${session_token[2]}"

	aws sts get-caller-identity

	rm -Rf "$TMPDIR"

	echo "All set, aws configured"