Last active
February 3, 2020 12:50
-
-
Save olegbuevich/41056352effe7334bddb436c33609d90 to your computer and use it in GitHub Desktop.
get temporary credentials for using aws resources with force mfa policy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
set -eu | |
# USAGE: | |
# ./get-temporary-credentials.sh TOKEN | |
# sample: ./get-temporary-credentials.sh 123456 | |
# AWS named profile | |
AWS_PROFILE=personal | |
# The identification number of the MFA device that is associated with the IAM user who is making the GetSessionToken call | |
AWS_MFA_SERIAL_NUMBER="arn:aws:iam::<ACCOUNT_ID>:mfa/<USERNAME>" | |
# The value provided by the MFA device, if MFA is required. | |
MFA_TOKEN="$1" | |
# The duration, in seconds, that the credentials should remain valid | |
CREDENTIALS_DURATION=86400 | |
MFA_CREDENTIALS=$(aws --profile ${AWS_PROFILE} sts get-session-token --serial-number ${AWS_MFA_SERIAL_NUMBER} --token-code "${MFA_TOKEN}" --duration-seconds ${CREDENTIALS_DURATION}) | |
AWS_ACCESS_KEY_ID=$(echo "${MFA_CREDENTIALS}" | jq -r '.Credentials.AccessKeyId' ) | |
AWS_SECRET_ACCESS_KEY=$(echo "${MFA_CREDENTIALS}" | jq -r '.Credentials.SecretAccessKey' ) | |
AWS_SESSION_TOKEN=$(echo "${MFA_CREDENTIALS}" | jq -r '.Credentials.SessionToken' ) | |
echo AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}" | |
echo AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" | |
echo AWS_SESSION_TOKEN="${AWS_SESSION_TOKEN}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment