- configure
default
profile with IAM user credentials
aws configure
- get session token (valid 12 hours by default)
aws sts get-session-token --serial-number arn:aws:iam::123456789012:mfa/IAM-USER-HERE --token-code MFA-CODE-HERE
- configure environment variables with session credentials
setx AWS_ACCESS_KEY_ID ""
setx AWS_SECRET_ACCESS_KEY ""
setx AWS_SESSION_TOKEN ""
- assume role (valid 12 hours because duration specified)
aws sts assume-role --role-arn arn:aws:iam::210987654321:role/IAM-ROLE-HERE --duration-seconds 43200 --role-session-name "USER-NAME-HERE-%random%"
- override environment variables with role credentials (do it in shell files that run your application)
set AWS_ACCESS_KEY_ID=
set AWS_SECRET_ACCESS_KEY=
set AWS_SESSION_TOKEN=