@otakusid
Created April 2, 2018 08:56
Assume role with MFA for local environment
  • configure default profile with IAM user credentials
aws configure
  • get session token (valid 12 hours by default)
aws sts get-session-token --serial-number arn:aws:iam::123456789012:mfa/IAM-USER-HERE --token-code MFA-CODE-HERE
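  • configure environment variables with session credentials (the AccessKeyId, SecretAccessKey and SessionToken values from the previous command's output; setx stores them persistently for the user and they apply to newly opened command prompts, not the current one)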
setx AWS_ACCESS_KEY_ID ""
setx AWS_SECRET_ACCESS_KEY ""
setx AWS_SESSION_TOKEN ""
  • assume role (valid 12 hours because duration specified)
aws sts assume-role --role-arn arn:aws:iam::210987654321:role/IAM-ROLE-HERE --duration-seconds 43200 --role-session-name "USER-NAME-HERE-%random%"
  • override environment variables with role credentials (do it in shell files that run your application)
set AWS_ACCESS_KEY_ID=
set AWS_SECRET_ACCESS_KEY=
set AWS_SESSION_TOKEN=
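
The steps above as one PowerShell script, added here as an example and not part of the original gist: it keeps every credential in process-scoped environment variables instead of `setx`, and clears leftover `AWS_*` variables first so that `get-session-token` runs with the default profile's IAM user keys. The ARNs and session-name prefix are the page's placeholders; the parameter and function names are assumptions of this example.

```powershell
# Added example, not from the original gist. Parameter defaults are the page's placeholders.
param(
    [Parameter(Mandatory)] [string] $TokenCode,   # current code from the MFA device
    [string] $MfaSerial       = 'arn:aws:iam::123456789012:mfa/IAM-USER-HERE',
    [string] $RoleArn         = 'arn:aws:iam::210987654321:role/IAM-ROLE-HERE',
    [string] $SessionPrefix   = 'USER-NAME-HERE',
    [int]    $DurationSeconds = 43200             # must not exceed the role's maximum session duration
)
$ErrorActionPreference = 'Stop'

# Hypothetical helper: run one "aws sts" subcommand and return the parsed JSON response.
function Invoke-Sts {
    param([string[]] $Arguments)
    $json = & aws sts @Arguments --output json
    if ($LASTEXITCODE -ne 0) { throw "aws sts $($Arguments[0]) failed (exit code $LASTEXITCODE)" }
    $json | Out-String | ConvertFrom-Json
}

# Hypothetical helper: export an STS Credentials object to this process only (nothing is persisted).
function Set-AwsEnvFromCredentials {
    param([Parameter(Mandatory)] $Credentials)
    foreach ($field in 'AccessKeyId', 'SecretAccessKey', 'SessionToken') {
        if ([string]::IsNullOrEmpty($Credentials.$field)) { throw "STS response is missing $field" }
    }
    $env:AWS_ACCESS_KEY_ID     = $Credentials.AccessKeyId
    $env:AWS_SECRET_ACCESS_KEY = $Credentials.SecretAccessKey
    $env:AWS_SESSION_TOKEN     = $Credentials.SessionToken
}

# Drop credentials left over from an earlier run, so the CLI falls back to the default profile.
foreach ($name in 'AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'AWS_SESSION_TOKEN') {
    Remove-Item "Env:$name" -ErrorAction SilentlyContinue
}

# Session token backed by MFA, requested with the IAM user's long-term keys.
$session = Invoke-Sts @('get-session-token', '--serial-number', $MfaSerial, '--token-code', $TokenCode)
Set-AwsEnvFromCredentials $session.Credentials

# Assume the role with the session credentials; the random suffix mirrors %random% (0..32767).
$roleSessionName = "$SessionPrefix-$(Get-Random -Maximum 32768)"
$role = Invoke-Sts @('assume-role', '--role-arn', $RoleArn,
                     '--duration-seconds', "$DurationSeconds", '--role-session-name', $roleSessionName)
Set-AwsEnvFromCredentials $role.Credentials

Write-Host "Assumed $($role.AssumedRoleUser.Arn); credentials expire $($role.Credentials.Expiration)"
```

Run it in the PowerShell window that will start the application; the role credentials exist only in that process and its children and are gone when the window closes.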