Last active
November 5, 2018 13:42
-
-
Save sportebois/7d2f9cf8756a984517b6179d39503906 to your computer and use it in GitHub Desktop.
AWS CLI: Easy MFA auth
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -e | |
| # Note: this will overwite your AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY if you use it | |
| # (I usually prefer using ~/.aws/credentials profile and leave those unset) | |
| # Use this script by sourcing the output directly, like: | |
| # $(./aws_mfa_auth.sh) | |
| # Or | |
| # $(./aws_mfa_auth.sh arn:aws:iam::123456789012:mfa/bob) | |
| # More info at https://aws.amazon.com/premiumsupport/knowledge-center/authenticate-mfa-cli/ | |
| # After that, the AWS CLI will defaults to this temp token, which will let you | |
| # Perform MFA-locked action, like reading from a sensitive bucket, ... | |
| # aws s3 sync s3://my-secret-vault/ ./s3-secret-vault | |
| # Replace this default ARN with your favortie aws user account | |
| MFA_ARN=${1:-"arn:aws:iam::123456789012:mfa/sebastien.portebois"} | |
| read -p "# Enter MFA TOKEN code for $MFA_ARN: " mfa_code | |
| unset AWS_ACCESS_KEY_ID | |
| unset AWS_SECRET_ACCESS_KEY | |
| unset AWS_SESSION_TOKEN | |
| json_res=$(aws sts get-session-token --serial-number $MFA_ARN --token-code $mfa_code) | |
| echo export AWS_ACCESS_KEY_ID=$(echo $json_res | jq -r '.Credentials.AccessKeyId') | |
| echo export AWS_SECRET_ACCESS_KEY=$(echo $json_res | jq -r '.Credentials.SecretAccessKey') | |
| echo export AWS_SESSION_TOKEN=$(echo $json_res | jq -r '.Credentials.SessionToken') |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment