
@andromedarabbit
Last active August 2, 2018 08:56
awslogin.sh
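#!/bin/bash
# Obtain temporary AWS credentials with an MFA token and store them in a
# separate profile of ~/.aws/credentials.

# Abort on the first unguarded failure. The option is set here rather than on
# the shebang line because a shebang option is ignored when the script is
# started as `bash awslogin.sh`, which would silently turn the check off.
set -e

# ANSI colour escapes; they are rendered by `echo -e` in the messages below.
RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m' # No Color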
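#######################################
# Print the usage text and terminate the script with status 1.
# Installed as the ERR trap and also called directly when the STS response
# lacks credentials.
# Globals:   RED, NC (read)
# Outputs:   usage text on stderr, so that captured stdout stays clean
# Returns:   never returns; exits 1
#######################################
err_report() {
  # Parameter expansion instead of `basename $0`: an unquoted $0 is
  # word-split when the script path contains spaces.
  local script_name=${0##*/}

  {
    echo ""
    echo -e "${RED}USAGE: ${script_name}${NC}"
    echo -e "${RED}USAGE: AWS_LOGIN_PROFILE=my-profile AWS_PROFILE=my-profile-mfa ${script_name} 123456${NC}"
    echo -e "${RED}See${NC} https://aws.amazon.com/premiumsupport/knowledge-center/authenticate-mfa-cli/"
    echo ""
  } >&2
  exit 1
}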
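# Any unguarded command failure prints the usage text and exits 1.
trap err_report ERR

# NOTE(review): a missing aws CLI is installed through Homebrew without
# asking; this assumes brew is present and trusted on this machine.
type aws > /dev/null || brew install awscli

CREDENTIALS_FILE="${HOME}/.aws/credentials"

# Every successful run reads and updates this file, so fail early and clearly
# when it is not there instead of failing after the MFA code has been spent.
if [[ ! -r "${CREDENTIALS_FILE}" ]]; then
  echo -e "${RED}${CREDENTIALS_FILE} can not be read!${NC}" >&2
  exit 1
fi

#######################################
# Test whether CREDENTIALS_FILE has a "[NAME]" section header.
# The name is compared as a literal string. It is deliberately not pasted
# into a sed/grep pattern: there a '.', '*' or '/' in the name would change
# what is matched or break the expression.
# Globals:   CREDENTIALS_FILE (read)
# Arguments: $1 - profile name
# Returns:   0 when the section exists, 1 otherwise
#######################################
profile_exists() {
  local wanted=$1
  local line
  # "[", optional blanks, the name (captured, trimmed), optional blanks, "]".
  local header_re='^\[[[:space:]]*([^][:space:]]([^]]*[^][:space:]])?)[[:space:]]*\][[:space:]]*$'

  while IFS= read -r line || [[ -n "${line}" ]]; do
    if [[ "${line}" =~ ${header_re} && "${BASH_REMATCH[1]}" == "${wanted}" ]]; then
      return 0
    fi
  done < "${CREDENTIALS_FILE}"
  return 1
}

# --- Profile that holds the long-lived keys used to call STS ---------------
# Only a name typed at the prompt is checked against the credentials file; a
# value supplied through the environment is used as given.
while [[ -z "${AWS_LOGIN_PROFILE}" ]]; do
  read -r -p "$(echo -e "${GREEN}Enter AWS_PROFILE you use to sign in with your MFA token: ${NC}")" AWS_LOGIN_PROFILE
  echo ""
  if [[ -z "${AWS_LOGIN_PROFILE}" ]]; then
    continue
  fi
  if ! profile_exists "${AWS_LOGIN_PROFILE}"; then
    echo -e "${RED}AWS profile '${AWS_LOGIN_PROFILE}' can not be found!${NC}"
    AWS_LOGIN_PROFILE=""
  fi
done

# --- Profile that receives the temporary credentials -----------------------
DEFAULT_AWS_PROFILE="${AWS_LOGIN_PROFILE}-mfa"
if [[ -z "${AWS_PROFILE}" ]]; then
  read -r -p "$(echo -e "${GREEN}Enter AWS_PROFILE you use to access to AWS resources after signed in with MFA token (Default: ${NC}${DEFAULT_AWS_PROFILE}${GREEN}): ${NC}")" AWS_PROFILE
  echo ""
fi
AWS_PROFILE="${AWS_PROFILE:-${DEFAULT_AWS_PROFILE}}"

echo -e "${GREEN}This will save new AWS credentials into the profile ${NC}${AWS_PROFILE}${GREEN} once signed with MFA token, which issued with the profile ${NC}${AWS_LOGIN_PROFILE}${GREEN}.${NC}"
echo ""

# --- Confirmation ----------------------------------------------------------
# POSIX classes instead of \s, which not every regex library accepts.
# ANSWER is not reset first, so a y/n already present in the environment
# answers the question without a prompt.
answer_re='^[[:space:]]*[yYnN][[:space:]]*$'
yes_re='^[[:space:]]*[yY][[:space:]]*$'
while [[ ! "${ANSWER}" =~ ${answer_re} ]]; do
  read -r -p "$(echo -e "${GREEN}Would you like to proceed? [y/n]: ${NC}")" -n 1 ANSWER
  echo ""
done
if [[ ! "${ANSWER}" =~ ${yes_re} ]]; then
  exit 0
fi

# --- MFA code: first argument, else prompt until it is six digits ----------
AWS_MFA_CODE=$1
mfa_re='^[0-9]{6}$'
while [[ ! "${AWS_MFA_CODE}" =~ ${mfa_re} ]]; do
  read -r -p "$(echo -e "${GREEN}Enter the MFA token: ${NC}")" -n 6 AWS_MFA_CODE
  echo ""
done

# --- Caller identity -------------------------------------------------------
# The CLI's own --query/--output select the fields. The response is read as
# data and never passed to eval, so nothing in it can run as shell code.
caller_identity=$(
  AWS_PROFILE="${AWS_LOGIN_PROFILE}" aws sts get-caller-identity \
    --query '[Account,Arn]' --output text
)
read -r Account Arn <<< "${caller_identity}"

AWS_ACCOUNT_ID="${Account}"
export AWS_ACCOUNT_ID

# Strip the literal "arn:aws:iam::<account>:user/" prefix; what remains is the
# user name (with its path, if any). An ARN of another kind is left unchanged.
AWS_IAM_USER="${Arn#"arn:aws:iam::${AWS_ACCOUNT_ID}:user/"}"
export AWS_IAM_USER
if [[ -z "${Arn}" || "${AWS_IAM_USER}" == "${Arn}" ]]; then
  echo -e "${RED}Profile '${AWS_LOGIN_PROFILE}' does not resolve to an IAM user: '${Arn}'${NC}" >&2
  exit 1
fi

# --- Session token ---------------------------------------------------------
# NOTE(review): the serial number assumes the MFA device is named after the
# IAM user; confirm this matches how devices are registered in the account.
session_credentials=$(
  AWS_PROFILE="${AWS_LOGIN_PROFILE}" aws sts get-session-token \
    --serial-number "arn:aws:iam::${AWS_ACCOUNT_ID}:mfa/${AWS_IAM_USER}" \
    --token-code "${AWS_MFA_CODE}" \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
    --output text
)
read -r AccessKeyId SecretAccessKey SessionToken <<< "${session_credentials}"

if [[ -z "${AccessKeyId}" || -z "${SecretAccessKey}" || -z "${SessionToken}" ]]; then
  err_report
fi

# --- Store the temporary credentials ---------------------------------------
if ! profile_exists "${AWS_PROFILE}"; then
  # printf keeps backslashes in the profile name literal, unlike `echo -e`.
  printf '\n[%s]\n' "${AWS_PROFILE}" >> "${CREDENTIALS_FILE}"
fi

# NOTE(review): `aws configure set` receives the secret values as command-line
# arguments, which other local users may see in the process list while the
# command runs.
AWS_PROFILE="${AWS_PROFILE}" aws configure set aws_access_key_id "${AccessKeyId}"
AWS_PROFILE="${AWS_PROFILE}" aws configure set aws_secret_access_key "${SecretAccessKey}"
AWS_PROFILE="${AWS_PROFILE}" aws configure set aws_session_token "${SessionToken}"

echo -e "${GREEN}Successfully logged in${NC}"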