This script allows to get new auth keys from AWS for 9-hour access.

It's is supposed, that you can do all the stuff via aws-iam-authenticator and aws cli, which is boring, the script helps avoid that routine.

The script assumes, that your user is created in IAM and has enabled MFA.

1. Install aws cli.

2. Install aws-iam-authenticator tool.

3. It is assumed, that you already have <homefolder>/.aws/credentials file with default profile.

   The default profile must contain your Access and Secret keys, generated with AWS Console web app.

   [default]
   aws_access_key_id = AKAS12313123asd
   aws_secret_access_key = asdfsar123123ASD131zxsas1123szfdasddsf32

4. Scripts requires jq tool to be isntalled.

   Download binary file and place it into any PATH folder.

   Or use any package manager you want (apt, snap, chocolatey, etc.).

1. Copy script file to any Path folder

2. Define AWS_MFA_SERIAL_NUMBER environment variable with value like arn:aws:iam::1234567890123:mfa/kuser.

   You can get this value from you user edit page in IAM.

1. Open terminal/console and run the script.

   NOTE: The script must be run with administrator rights.

2. Provide MFA Identifier, if you did not define AWS_MFA_SERIAL_NUMBER environment variable.

3. Provide MFA Verification code from your MFA device.

The script creates mfa profile in your <homefolder>/.aws/credentials file.

[mfa]
aws_access_key_id = AS123AVCSDF23ASDF
aws_secret_access_key = 312SDFASD2134ZDFASDf4345SADFASDF23423AS
aws_session_token = <long-long-very-long-string-here>

Use that profile to access to Amazon Console.

You can specify it in commands:

aws s3 ls --profile mfa

Or you can set default profile in environment variable:

• bash:

  echo "\nexport AWS_PROFILE=mfa\n" >> ~/.bashrc

• pwsh

  [System.Environment]::SetEnvironmentVariable("AWS_PROFILE", "mfa", "User")