Use the tools in this gist to use MFA Authentication from the command line.
- Install the (AWS CLI)[https://docs.aws.amazon.com/cli/latest/userguide/install-cliv1.html]
- On your AWS Account Page, generate your access keys ("My Security Credentials" > "Access keys for CLI, SDK, & API access" > "Create Access Key").
- Run
aws configure
. When it asks for your "AWS Access Key ID" and "AWS Secret Key", use those generated in [2]. - Place
mfa-commands.sh
,mfa.cfg
, andmfa.sh
in~/.aws/
. chmod +x ~/.aws/mfa.sh
&chmod +x ~/.aws/mfa-commands.sh
- Update
~/.aws/mfa.cfg
, replacing the values for<MY AWS ACCOUNT ID>
and<MY AWS USER>
with those for your account. Your can find these in your "User ARN" on your AWS Account Page. - Add
source ~/.aws/mfa-commands.sh
to the end of your~/.bashrc
,~/.bash_profile
, or~/.zshrc
. source ~/<FILE FROM [7]>
- Get an MFA token from your authenticator app.
- Invoke
aws-mfa <MFA TOKEN FROM [1]>
Usage
➜ aws-mfa git:(master) ✗ aws-mfa
Usage: /Users/peterstein/.aws/mfa.sh <MFA_TOKEN_CODE> <AWS_CLI_PROFILE>
Where:
<MFA_TOKEN_CODE> = Code from virtual MFA device
<AWS_CLI_PROFILE> = aws-cli profile usually in /Users/peterstein/.aws/config
Success
➜ aws-mfa git:(master) ✗ aws-mfa 111111
We've set your credentials in this shell
Generated at: '2020-01-03 17:42:36'
These credentials are valid for *12 hours*
- Your credentials are only valid in the shell in which you invoked
aws-mfa
. To use those credentials in another shell, you can runaws-mfa-reup
.
had to chmod 744 mfa.sh but otherwise good to go