Script to regenerate an AWS CLI session with a virtual MFA device
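# Usage. Invoke the script with bash, not sh: it relies on bash-only syntax
# (a here-string), which a strict POSIX sh such as dash rejects.
bash regenerate-aws-session.sh 123456 # <- This is my mfa token
# Or, if the script has been installed on your PATH
regenerate-aws-session 123456 # <- This is my mfa token
# Done 🎊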
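# This step is optional: install the script as a command on your PATH.
# chmod +x adds the execute bit; -x would strip it and the installed command
# would fail with "permission denied". No sudo is needed on your own file.
chmod +x regenerate-aws-session.sh
sudo mv ./regenerate-aws-session.sh /usr/local/bin/regenerate-aws-session
# mv keeps the original owner; hand the file to root so an unprivileged
# account cannot rewrite a command that handles AWS credentials.
sudo chown root /usr/local/bin/regenerate-aws-session
# Now test your script
regenerate-aws-session 123456 # <- Your token provided by mfa
# Watch the magic 🔮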
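#!/bin/bash
#
# Refresh the credentials of a local AWS CLI profile with a temporary,
# MFA-backed session obtained from AWS STS.
#
# Usage: regenerate-aws-session <MFA_TOKEN_CODE>
#
# Equivalent manual call:
#   aws --profile youriamuser sts get-session-token --duration-seconds 3600 \
#     --serial-number arn:aws:iam::012345678901:mfa/user --token-code 012345
#
# Based on : https://github.com/EvidentSecurity/MFAonCLI/blob/master/aws-temp-token.sh
#
# Exit status: 0 on success, 1 if the AWS CLI is missing or no usable
# credentials were obtained or stored, 2 on a usage error.
#
# Security notes:
#   - The secret access key and session token are never echoed, and shell
#     tracing (set -x) stays off, so they do not end up in terminal
#     scrollback, CI logs or session recordings.
#   - `aws configure set` stores the temporary credentials in plaintext in
#     the CLI credentials file and receives each value as a command-line
#     argument, which is briefly visible in the local process list.
#   - A shorter DURATION narrows the window in which a leaked session token
#     remains usable.
#

# command -v is the shell's own lookup; `which` is an external tool whose exit
# status is not consistent across platforms.
if ! AWS_CLI=$(command -v aws); then
  echo "AWS CLI is not installed; exiting" >&2
  exit 1
fi
echo "Using AWS CLI found at $AWS_CLI"

if [ $# -ne 1 ]; then
  echo "Usage: $0 <MFA_TOKEN_CODE>" >&2
  echo "Where:" >&2
  echo " <MFA_TOKEN_CODE> = Code from virtual MFA device" >&2
  exit 2
fi

AWS_USER_PROFILE=userName      # profile holding the long-term IAM user keys
AWS_2AUTH_PROFILE=default      # profile that receives the temporary session
ARN_OF_MFA="YOUR_ARN_OR_MFA"   # serial number (ARN) of the MFA device
MFA_TOKEN_CODE=$1
DURATION=129600                # session lifetime in seconds (36 hours)

# Reject anything that is not a 6-digit code before it reaches the aws command
# line; this also keeps stray whitespace or option-like input out of argv.
if ! [[ $MFA_TOKEN_CODE =~ ^[0-9]{6}$ ]]; then
  echo "MFA token code must be exactly 6 digits" >&2
  exit 2
fi

echo "AWS-CLI Profile: $AWS_USER_PROFILE"
echo "MFA ARN: $ARN_OF_MFA"

# --query selects the three fields by name instead of relying on the column
# order of the text output. The result is one tab-separated line.
if ! CREDENTIALS=$("$AWS_CLI" --profile "$AWS_USER_PROFILE" sts get-session-token \
  --duration-seconds "$DURATION" \
  --serial-number "$ARN_OF_MFA" \
  --token-code "$MFA_TOKEN_CODE" \
  --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
  --output text); then
  echo "sts get-session-token failed; profile $AWS_2AUTH_PROFILE left unchanged" >&2
  exit 1
fi

read -r AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN <<< "$CREDENTIALS"

# Refuse to write a partial credential set into the target profile.
if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ] || [ -z "$AWS_SESSION_TOKEN" ]; then
  echo "STS returned incomplete credentials; profile $AWS_2AUTH_PROFILE left unchanged" >&2
  exit 1
fi

# Only the access key id (an identifier, not a secret) is shown as confirmation.
echo "AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID"

# Run the commands directly: wrapping them in backticks would try to execute
# whatever they print.
"$AWS_CLI" --profile "$AWS_2AUTH_PROFILE" configure set aws_access_key_id "$AWS_ACCESS_KEY_ID" || exit 1
"$AWS_CLI" --profile "$AWS_2AUTH_PROFILE" configure set aws_secret_access_key "$AWS_SECRET_ACCESS_KEY" || exit 1
"$AWS_CLI" --profile "$AWS_2AUTH_PROFILE" configure set aws_session_token "$AWS_SESSION_TOKEN" || exit 1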