@romanlv
Created March 24, 2023 16:22
Renew AWS session key and update .env file
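#!/usr/bin/env zx
// zx can echo every command and its output; the commands below carry secrets
$.verbose = false

// Serial number (ARN) of the MFA device registered for the IAM user
const MFA_ARN = "...MFA_ARN..."
const baseFolder = "/Users/roman/dev/xyz"

const code = await question('What is MFA code? ')
// if using Yubikey
// const codeRes = await $`ykman oath accounts code ${MFA_ARN}`
// const code = codeRes.stdout.split(/\s+/)[1]
if (!code) {
  throw new Error("code not defined")
}

// Exchange the long-lived keys of the "main" profile plus the MFA code for temporary credentials
const sessionRes = await $`aws --profile main sts get-session-token --serial-number ${MFA_ARN} --token-code ${code}`
const credentials = JSON.parse(sessionRes.stdout).Credentials
// Log only non-secret fields so the secret key and session token stay out of the terminal scrollback
console.log({ AccessKeyId: credentials.AccessKeyId, Expiration: credentials.Expiration })

// Store the temporary credentials in the default profile of ~/.aws/credentials
await $`aws configure set aws_access_key_id ${credentials.AccessKeyId}`
await $`aws configure set aws_secret_access_key ${credentials.SecretAccessKey}`
await $`aws configure set aws_session_token ${credentials.SessionToken}`

const apps = [`${baseFolder}/web-graphql`];

// Rewrite the value on the line starting with `varName=` in place.
// `-i ''` is the BSD/macOS sed form; a file without that line is left unchanged.
async function replaceInFile(varName, value, file) {
  await $`sed -i '' ${'/^' + varName + '=/s|=.*|=' + value + '|'} ${file}`
}

for (let folder of apps) {
  cd(folder)
  await replaceInFile("AWS_ACCESS_KEY_ID", credentials.AccessKeyId, ".env");
  await replaceInFile("AWS_SECRET_ACCESS_KEY", credentials.SecretAccessKey, ".env");
  await replaceInFile("AWS_SESSION_TOKEN", credentials.SessionToken, ".env");
}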
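
An added example, not part of the gist: the same `.env` update done in plain JavaScript instead of `sed`, so a missing `AWS_SESSION_TOKEN=` line is appended rather than silently skipped and the file is written with owner-only permissions. The names `setEnvVars`, `writeEnvFile` and `SAMPLE_ENV` are hypothetical, and the sample values are constructed placeholders.

```javascript
// Added example, not part of the gist. setEnvVars/writeEnvFile are hypothetical names.

// Return .env text with every `KEY=` line for a key in `vars` rewritten, and
// keys that were not present appended (sed would leave the file unchanged).
function setEnvVars(text, vars) {
  const wanted = new Map(Object.entries(vars));
  for (const [key, value] of wanted) {
    if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(key)) throw new Error(`bad variable name: ${key}`);
    // A line break in a value would smuggle an extra assignment into the file.
    if (typeof value !== "string" || /[\r\n]/.test(value)) throw new Error(`bad value for ${key}`);
  }
  const body = text.replace(/\n+$/, "");
  const lines = body === "" ? [] : body.split("\n");
  const seen = new Set();
  const out = lines.map((line) => {
    const m = /^([A-Za-z_][A-Za-z0-9_]*)=/.exec(line);
    if (!m || !wanted.has(m[1])) return line; // comments and other keys stay as they are
    seen.add(m[1]);
    return `${m[1]}=${wanted.get(m[1])}`; // plain string build: no sed metacharacters to escape
  });
  for (const [key, value] of wanted) {
    if (!seen.has(key)) out.push(`${key}=${value}`);
  }
  return out.join("\n") + "\n";
}

// Write the result through a temp file created with mode 0600, then rename it
// over the target so a crash cannot leave a half-written .env behind.
async function writeEnvFile(file, vars) {
  const fs = await import("node:fs/promises");
  const current = await fs.readFile(file, "utf8").catch((err) => {
    if (err.code === "ENOENT") return ""; // no .env yet: start from empty
    throw err;
  });
  const tmp = `${file}.tmp-${process.pid}`;
  await fs.writeFile(tmp, setEnvVars(current, vars), { mode: 0o600 });
  await fs.rename(tmp, file);
}

// Constructed sample input (placeholder values, not real credentials).
const SAMPLE_ENV = "# constructed\nAWS_ACCESS_KEY_ID=old\nPORT=4000\n";
const SAMPLE_OUT = setEnvVars(SAMPLE_ENV, {
  AWS_ACCESS_KEY_ID: "ASIAEXAMPLEKEYID",
  AWS_SESSION_TOKEN: "abc/def+ghi|jkl&mno==",
});
console.log(SAMPLE_OUT);
```
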
romanlv commented Mar 24, 2023

requires zx to be installed

~/.aws/credentials

main profile is used only to generate session key that is saved as default

[main]
aws_access_key_id = ....
aws_secret_access_key = ...


[default]
aws_access_key_id = ....
aws_secret_access_key = ...
aws_session_token =  ....
