Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Bash scripts for MFA sign in to AWS in the console
AWS_ACCOUNT_ID= # aws account
AWS_USER_PROFILE= # profile in aws/credentials to your access key
AWS_REGION= # default region
AWS_IAM_NAME= # your iam name in the aws account
ARN_OF_ROLE= # the role you want to assume
ARN_OF_MFA=arn:aws:iam::$AWS_ACCOUNT_ID:mfa/$AWS_IAM_NAME
MFA_TOKEN_CODE=$1
read AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN <<< \
$( aws --profile $AWS_USER_PROFILE sts assume-role \
--role-arn $ARN_OF_ROLE \
--serial-number $ARN_OF_MFA \
--token-code $MFA_TOKEN_CODE \
--role-session-name cli-$AWS_IAM_NAME \
--output text | tail -n1 | awk '{ print $2, $4, $5 }')
export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
export AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN
echo "export AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID
echo "export AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY
echo "export AWS_SESSION_TOKEN="$AWS_SESSION_TOKEN
AWS_ACCOUNT_ID= # aws account
AWS_USER_PROFILE= # profile in aws/credentials to your access key
AWS_REGION= # default region
AWS_IAM_NAME= # your iam name in the aws account
ARN_OF_MFA=arn:aws:iam::$AWS_ACCOUNT_ID:mfa/$AWS_IAM_NAME
MFA_TOKEN_CODE=$1
DURATION=129600
read AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN <<< \
$( aws --profile $AWS_USER_PROFILE sts get-session-token \
--duration $DURATION \
--serial-number $ARN_OF_MFA \
--token-code $MFA_TOKEN_CODE \
--output text | awk '{ print $2, $4, $5 }')
export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
export AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN
echo "AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID
echo "AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY
echo "AWS_SESSION_TOKEN="$AWS_SESSION_TOKEN
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.