@axolx
Last active October 4, 2022 23:48
A Bash function to assume an AWS role with MFA and update the awscli environment to the assumed role
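# Assume an AWS role with MFA and export the temporary credentials so that
# later awscli calls in this shell run as the assumed role.
# Replace <role-arn>, <session-name> and <mfa-arn> with your own values.
sts_assume_role () {
  local token_code role_credentials
  read -r -p "Enter a current MFA token code: " token_code
  # Force JSON output for jq, and stop on failure so that empty or stale
  # values are never exported.
  role_credentials=$(aws sts assume-role \
    --role-arn "<role-arn>" \
    --role-session-name "<session-name>" \
    --serial-number "<mfa-arn>" \
    --token-code "${token_code}" \
    --output json) || return 1
  export AWS_ACCESS_KEY_ID=$(echo "$role_credentials" | jq -r .Credentials.AccessKeyId)
  export AWS_SECRET_ACCESS_KEY=$(echo "$role_credentials" | jq -r .Credentials.SecretAccessKey)
  export AWS_SESSION_TOKEN=$(echo "$role_credentials" | jq -r .Credentials.SessionToken)
}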

axolx commented Oct 4, 2022

One can also obtain the token from 1Password with something like:

TOKEN_CODE=$(op item get "AWS (Ombu)" --vault Work --otp)

Credit to @Cabalist
