aksel · February 12, 2021 11:49
diff --git a/aws-cli-authenticate-mfa.sh b/aws-cli-authenticate-mfa.sh
 #!/bin/bash

 MFA_DEVICE=$1
 if [ -z "$MFA_DEVICE" ]; then
  echo "MFA device ARN not specified." >&2
  exit 1
 fi

 # Prompt for OTP
 OTP=
 while true; do
  echo -n "Input OTP: "
  read -rs OTP
  echo

  if [[ $OTP =~ ^[0-9]{6}$ ]]; then
    break
  fi

  echo "OTP must be a six-digit number." >&2
 done

 # Fetch credentials, and export them.
 CREDENTIALS=$(aws --profile="$AWS_PROFILE" sts get-session-token --serial-number "$MFA_DEVICE" --token-code "$OTP")

 AWS_ACCESS_KEY_ID=$(jq -r ".Credentials.AccessKeyId" <<<"$CREDENTIALS")
 AWS_SECRET_ACCESS_KEY=$(jq -r ".Credentials.SecretAccessKey" <<<"$CREDENTIALS")
 AWS_SESSION_TOKEN=$(jq -r ".Credentials.SessionToken" <<<"$CREDENTIALS")

 echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID"
 echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY"
 echo "AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN"

 export AWS_ACCESS_KEY_ID
 export AWS_SECRET_ACCESS_KEY
 export AWS_SESSION_TOKEN
	#!/bin/bash

	MFA_DEVICE=$1
	if [ -z "$MFA_DEVICE" ]; then
	echo "MFA device ARN not specified." >&2
	exit 1
	fi

	# Prompt for OTP
	OTP=
	while true; do
	echo -n "Input OTP: "
	read -rs OTP
	echo

	if [[ $OTP =~ ^[0-9]{6}$ ]]; then
	break
	fi

	echo "OTP must be a six-digit number." >&2
	done

	# Fetch credentials, and export them.
	CREDENTIALS=$(aws --profile="$AWS_PROFILE" sts get-session-token --serial-number "$MFA_DEVICE" --token-code "$OTP")

	AWS_ACCESS_KEY_ID=$(jq -r ".Credentials.AccessKeyId" <<<"$CREDENTIALS")
	AWS_SECRET_ACCESS_KEY=$(jq -r ".Credentials.SecretAccessKey" <<<"$CREDENTIALS")
	AWS_SESSION_TOKEN=$(jq -r ".Credentials.SessionToken" <<<"$CREDENTIALS")

	echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID"
	echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY"
	echo "AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN"

	export AWS_ACCESS_KEY_ID
	export AWS_SECRET_ACCESS_KEY
	export AWS_SESSION_TOKEN