@vatshat
Last active January 25, 2019 11:39
How to use STS temporary keys to authenticate
#!/bin/bash
##############################################################################
# assume a role and populate environment variables #
##############################################################################
# Using instance metadata (unauthenticated IMDSv1 GET; fails if the instance enforces IMDSv2)
url="http://169.254.169.254/latest/meta-data/"
iam="iam/security-credentials/"
# Name of the role attached to the instance profile
security_credentials=$(curl -s "$url$iam")
# Temporary credentials issued for that role
iam_meta_data=$(curl -s "$url$iam$security_credentials")
export AWS_ACCESS_KEY_ID=$(jq --raw-output ".AccessKeyId" <<< "$iam_meta_data")
export AWS_SECRET_ACCESS_KEY=$(jq --raw-output ".SecretAccessKey" <<< "$iam_meta_data")
export AWS_SESSION_TOKEN=$(jq --raw-output ".Token" <<< "$iam_meta_data")
# The region is the availability zone minus its trailing letter
export AWS_DEFAULT_REGION=$(curl -s "${url}placement/availability-zone" | sed 's/[a-z]$//')
# Using STS
assumed_role=$(aws sts assume-role --role-arn arn:aws:iam::037559324442:role/ec2-cli-access --role-session-name "thabile-laptop-cli")
# Print the assumed role ID
echo "$assumed_role" | jq '.AssumedRoleUser | keys as $k | {"\($k[1])":.AssumedRoleId}'
export AWS_ACCESS_KEY_ID=$(jq --raw-output ".Credentials.AccessKeyId" <<< "$assumed_role")
export AWS_SECRET_ACCESS_KEY=$(jq --raw-output ".Credentials.SecretAccessKey" <<< "$assumed_role")
export AWS_SESSION_TOKEN=$(jq --raw-output ".Credentials.SessionToken" <<< "$assumed_role")
export AWS_DEFAULT_REGION=eu-west-1
##############################################################################
# authenticate with MFA and populate environment variables #
##############################################################################
# Read the current MFA code, then exchange it for session credentials
read -r token &&
temp=$(aws sts get-session-token --serial-number arn:aws:iam::037559324442:mfa/mfa --token-code "$token") &&
export AWS_ACCESS_KEY_ID=$(echo "$temp" | jq -r '.Credentials.AccessKeyId') &&
export AWS_SECRET_ACCESS_KEY=$(echo "$temp" | jq -r '.Credentials.SecretAccessKey') &&
export AWS_SESSION_TOKEN=$(echo "$temp" | jq -r '.Credentials.SessionToken')
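The script above exports whatever the STS call returned, so a failed or expired response leaves empty or placeholder values in the environment. The following is an added example, not part of the original gist: a hypothetical helper, export_sts_credentials, that validates the response and its expiry before exporting. It assumes the CLI is run with --output text and --query instead of jq, and that Expiration is a UTC ISO 8601 timestamp; the sample values are constructed.

```shell
# Added example, not part of the original gist. Sample values are constructed.
# Expected input: one tab-separated line, e.g. from
#   aws sts assume-role ... --output text \
#     --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken,Expiration]'
# Assumption: Expiration is an ISO 8601 timestamp in UTC, as STS returns it.

# export_sts_credentials LINE [NOW]
#   NOW is UTC as YYYYmmddHHMMSS (defaults to the current time).
#   Returns 0 and exports the variables, 1 on malformed input, 2 if expired.
export_sts_credentials() {
    _line=$1
    _now=${2:-$(date -u +%Y%m%d%H%M%S)}

    # Split on tabs only, with globbing off so the values are taken literally.
    _old_ifs=$IFS
    IFS=$(printf '\t')
    set -f; set -- $_line; set +f
    IFS=$_old_ifs

    if [ $# -ne 4 ]; then
        echo "expected 4 fields, got $#; did the STS call fail?" >&2
        return 1
    fi
    for _field in "$1" "$2" "$3"; do
        case $_field in
            None|null) echo "missing credential field" >&2; return 1 ;;
        esac
    done

    # 2099-01-01T00:00:00Z -> 20990101000000, comparable as an integer.
    _exp=$(printf '%s' "$4" | cut -c1-19 | tr -dc '0-9')
    if [ "${#_exp}" -ne 14 ]; then
        echo "unparseable expiration: $4" >&2
        return 1
    fi
    if [ "$_exp" -le "$_now" ]; then
        echo "credentials expired at $4" >&2
        return 2
    fi

    export AWS_ACCESS_KEY_ID="$1"
    export AWS_SECRET_ACCESS_KEY="$2"
    export AWS_SESSION_TOKEN="$3"
}

# Constructed sample line standing in for real CLI output.
sample=$(printf 'ASIAEXAMPLEKEYID\tconstructedSecret\tconstructedToken\t2099-01-01T00:00:00Z')
export_sts_credentials "$sample" && echo "loaded key $AWS_ACCESS_KEY_ID"
```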