Simple AWS CLI MFA login script
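#!/bin/bash
set -euo pipefail
# Any file this script causes to be created is readable by the owner only.
umask 077

# Exchanges the long-lived IAM user credentials of an existing AWS CLI profile,
# plus an MFA token code, for temporary STS session credentials, and stores
# those in the `<profile>-cli` and `default` profiles.
#
# Note: this script will overwrite your credentials for the `default` AWS
# profile, you may wish to create a backup
#
# Pre-requisites:
# 1) Run:
#      brew install jq awscli
# 2) Add alias to .zshrc or .bashrc:
#      alias aws-auth-mfa="~/.scripts/aws-auth-mfa.sh"
# 3) Configure your non-MFA AWS credentials profile (ex profile named 'foobar'):
#      aws configure --profile foobar
# 4) Run this script in your terminal to login with your MFA token:
#      aws-auth-mfa foobar
# 5) Test an AWS call:
#      aws s3 ls
#
# Exit status: 0 on success, 1 on a usage error, a missing tool or a failed login.

# Fill in these values
# The long-lived access key pair is deliberately NOT configured here: it is read
# from the profile created in step 3, so no secret has to live in this script.
AWS_MFA_ARN=""
AWS_REGION="us-west-2"
# Lifetime of the session credentials, in seconds (129600 s = 36 h). A shorter
# value narrows the window in which a leaked session token is usable.
AWS_SESSION_DURATION_SECONDS=129600

# Do not edit these
AWS_IAM_PROFILE_NAME="${1:-}"
AWS_CLI_PROFILE_NAME="$AWS_IAM_PROFILE_NAME-cli"
AWS_MFA_TOKEN_CODE=""

# Print a message on stderr and stop with a failing exit status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [[ -z "$AWS_IAM_PROFILE_NAME" ]]; then
  die "usage: aws-auth-mfa <profile>"
fi

# The session credentials are written into `default`. If `default` were also
# the source profile, its long-lived keys would be overwritten and lost.
if [[ "$AWS_IAM_PROFILE_NAME" == "default" ]]; then
  die "refusing to use 'default' as the source profile: it would be overwritten"
fi

if [[ -z "$AWS_MFA_ARN" ]]; then
  die "AWS_MFA_ARN is empty. Set it to the ARN of your MFA device in this script."
fi

if ! command -v jq &>/dev/null; then
  die "jq command not found. (run brew install jq)"
fi

if ! command -v aws &>/dev/null; then
  die "aws command not found. (run brew install awscli)"
fi

# -s keeps the code off the screen, -r keeps backslashes literal.
read -rsp "Enter your AWS MFA Token Code for $AWS_IAM_PROFILE_NAME: " AWS_MFA_TOKEN_CODE
echo

# Reject anything that is not a 6-digit code before it reaches the CLI.
if [[ ! "$AWS_MFA_TOKEN_CODE" =~ ^[0-9]{6}$ ]]; then
  die "MFA token code must be exactly 6 digits"
fi

# Test the call explicitly: under `set -e` a bare assignment would abort the
# script silently before the "Login Failed" message could be printed.
if ! RES=$(aws sts get-session-token \
  --serial-number "$AWS_MFA_ARN" \
  --token-code "$AWS_MFA_TOKEN_CODE" \
  --duration-seconds "$AWS_SESSION_DURATION_SECONDS" \
  --profile "$AWS_IAM_PROFILE_NAME"); then
  die "Login Failed"
fi

if [[ -z "$RES" ]]; then
  die "Login Failed"
fi

# `jq -e` fails when a field is missing or null, so the literal string "null"
# is never stored as a credential. The values stay in plain (non-exported)
# variables: the script runs as a child process, so exporting them would not
# reach the calling shell and would only hand the secrets to every child
# process started below.
SESSION_ACCESS_KEY_ID=$(jq -er '.Credentials.AccessKeyId' <<<"$RES") ||
  die "Login Failed: response has no AccessKeyId"
SESSION_SECRET_ACCESS_KEY=$(jq -er '.Credentials.SecretAccessKey' <<<"$RES") ||
  die "Login Failed: response has no SecretAccessKey"
SESSION_TOKEN=$(jq -er '.Credentials.SessionToken' <<<"$RES") ||
  die "Login Failed: response has no SessionToken"

# NOTE: `aws configure set` receives the secret values as command-line
# arguments, which other local users may be able to see in the process list
# while each command runs. On a shared host, consider writing
# ~/.aws/credentials directly instead.
for target_profile in "$AWS_CLI_PROFILE_NAME" default; do
  aws configure set region "$AWS_REGION" --profile "$target_profile"
  aws configure set aws_access_key_id "$SESSION_ACCESS_KEY_ID" --profile "$target_profile"
  aws configure set aws_secret_access_key "$SESSION_SECRET_ACCESS_KEY" --profile "$target_profile"
  aws configure set aws_session_token "$SESSION_TOKEN" --profile "$target_profile"
done

echo "Login Success, default AWS credentials updated with session credentials!"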