Created
April 5, 2021 02:05
-
-
Save ErvalhouS/d6afe8943be1b02895c9628f90d28dba to your computer and use it in GitHub Desktop.
Easier AWS MFA on CLI
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
AWS_ACCESS_KEY_ID="" | |
AWS_SECRET_ACCESS_KEY="" | |
AWS_SESSION_TOKEN="" | |
( | |
echo "Welcome to AWS CLI MFA 😎" | |
if [ -z "$MFA_DEVICE_ARN" ]; then | |
echo "Your Multi-factor authentication device has an ARN visible at: https://console.aws.amazon.com/iam/home?region=us-east-1#/security_credentials" | |
echo | |
echo "You can export your MFA device ARN as MFA_DEVICE_ARN environmental variable to avoid having to input it every time. Just add something like this to your equivalent of a ~/.bash_profile" | |
echo "export MFA_DEVICE_ARN=arn:a-very-long:unique-id:to-your-mfa-device:on-aws" | |
echo | |
echo -n "Please enter your MFA device's ARN: " | |
read MFA_DEVICE_ARN | |
fi | |
echo "Get a code from your authenticator of choice." | |
echo -n "Please enter your code: " | |
read token_code | |
if AWS_PROFILE="default" aws sts get-session-token --serial-number $MFA_DEVICE_ARN --token-code $token_code > /tmp/mfa_result; then | |
else | |
set -e | |
echo "Please try again..." | |
echo | |
echo "Get a code from your authenticator of choice." | |
echo -n "Please enter your code: " | |
read token_code | |
AWS_PROFILE="default" aws sts get-session-token --serial-number $MFA_DEVICE_ARN --token-code $token_code > /tmp/mfa_result | |
fi | |
export AWS_ACCESS_KEY_ID=`cat /tmp/mfa_result | jq -r '.Credentials.AccessKeyId'` | |
export AWS_SECRET_ACCESS_KEY=`cat /tmp/mfa_result | jq -r '.Credentials.SecretAccessKey'` | |
export AWS_SESSION_TOKEN=`cat /tmp/mfa_result | jq -r '.Credentials.SessionToken'` | |
export AWS_PROFILE="mfa" | |
export AWS_REGION="us-east-1" | |
rm /tmp/mfa_result | |
echo | |
echo -e " 📣 SUCCESS❗❗🍺" | |
) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment