This script gets new auth keys from AWS for 9-hour access.
You can do all of this by hand with aws-iam-authenticator and the aws cli, which is boring; the script helps avoid that routine.
The script assumes that your user is created in IAM and has MFA enabled.
- Install aws cli.
- Install aws-iam-authenticator tool.
- It is assumed that you already have a <homefolder>/.aws/credentials file with a default profile.
  The default profile must contain your Access and Secret keys, generated with the AWS Console web app.
  [default]
  aws_access_key_id = AKAS12313123asd
  aws_secret_access_key = asdfsar123123ASD131zxsas1123szfdasddsf32
- The script requires the jq tool to be installed.
  Download the binary file and place it into any PATH folder.
  Or use any package manager you want (apt, snap, chocolatey, etc.).
- Copy the script file to any PATH folder.
- Define the AWS_MFA_SERIAL_NUMBER environment variable with a value like arn:aws:iam::1234567890123:mfa/kuser.
  You can get this value from your user edit page in IAM.
- Open terminal/console and run the script.
  NOTE: The script must be run with administrator rights.
- Provide the MFA Identifier, if you did not define the AWS_MFA_SERIAL_NUMBER environment variable.
- Provide the MFA Verification code from your MFA device.

The script creates an mfa profile in your <homefolder>/.aws/credentials file.
[mfa]
aws_access_key_id = AS123AVCSDF23ASDF
aws_secret_access_key = 312SDFASD2134ZDFASDf4345SADFASDF23423AS
aws_session_token = <long-long-very-long-string-here>
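
The steps a run like this performs, as an added shell sketch (not the script this README ships): request a 9-hour session from STS with the MFA code, then rewrite only the [mfa] section of the credentials file with owner-only permissions. The function names and the CREDS_FILE variable are hypothetical; the [default] profile and AWS_MFA_SERIAL_NUMBER are the ones described above.

```shell
#!/usr/bin/env bash
# Added example; function names and CREDS_FILE are hypothetical.
CREDS_FILE="${CREDS_FILE:-$HOME/.aws/credentials}"

# Ask STS for a 9-hour session (32400 s) with the long-term [default] keys.
# Prints "AccessKeyId SecretAccessKey SessionToken" on one line.
get_session() {  # $1 = MFA serial ARN, $2 = 6-digit code from the device
  case "$2" in
    [0-9][0-9][0-9][0-9][0-9][0-9]) ;;
    *) echo "MFA code must be 6 digits" >&2; return 1 ;;
  esac
  aws sts get-session-token --profile default \
    --serial-number "$1" --token-code "$2" --duration-seconds 32400 \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
    --output text
}

# Replace (or append) the [mfa] section; other profiles stay untouched.
# Runs in a subshell so umask and temp names do not leak to the caller.
write_mfa_profile() (  # $1 = key id, $2 = secret key, $3 = session token
  umask 077                                    # new files are owner-only
  mkdir -p "$(dirname "$CREDS_FILE")" && touch "$CREDS_FILE" || exit 1
  tmp="$(mktemp "$CREDS_FILE.XXXXXX")" || exit 1
  # Drop any existing [mfa] section, keep every other line.
  awk '/^\[/ { skip = ($0 == "[mfa]") } !skip' "$CREDS_FILE" > "$tmp" || exit 1
  printf '[mfa]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n' \
    "$1" "$2" "$3" >> "$tmp"
  chmod 600 "$tmp" && mv "$tmp" "$CREDS_FILE"  # swap in with a single rename
)

refresh_mfa() (  # $1 = 6-digit code; serial from AWS_MFA_SERIAL_NUMBER
  out="$(get_session "${AWS_MFA_SERIAL_NUMBER:?not set}" "$1")" || exit 1
  set -- $out   # intentional word splitting into the three fields
  write_mfa_profile "$1" "$2" "$3"
)
```

Writing to a temporary file and renaming it keeps the long-term [default] keys intact if the run is interrupted partway.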
Use that profile to access Amazon Console.
You can specify it in commands:
  aws s3 ls --profile mfa
Or you can set the default profile in an environment variable:
- bash:
  printf '\nexport AWS_PROFILE=mfa\n' >> ~/.bashrc
- pwsh:
  [System.Environment]::SetEnvironmentVariable("AWS_PROFILE", "mfa", "User")