Skip to content

Instantly share code, notes, and snippets.

@danielrbradley

danielrbradley/aws-auth.sh

Last active January 8, 2020 12:23
Show Gist options
  • Save danielrbradley/4c2cde279bcef57abf5bfcc7d67622b7 to your computer and use it in GitHub Desktop.
Save danielrbradley/4c2cde279bcef57abf5bfcc7d67622b7 to your computer and use it in GitHub Desktop.
Download ZIP
Get console session with AWS access for 36 hours when using MFA
Raw
readme.md

AWS MFA Auth Session helper

To install:

sh -c "$(curl -fsSL https://gist.githubusercontent.com/danielrbradley/4c2cde279bcef57abf5bfcc7d67622b7/raw/install.sh)"
Raw
aws-auth.sh
#!/bin/bash
# Note: Depends on having jq and AWS CLI installed: `brew install jq`, `brew install awscli`
set -e # stop on error
AWS_ACCOUNT="1234567890"
AWS_USERNAME="YOUR_AWS_USERNAME"
MFA_SERIAL="arn:aws:iam::$AWS_ACCOUNT:mfa/$AWS_USERNAME"
export AWS_CONFIG_FILE='/dev/null' # ignore config file so CLI doesn't pick up MFA config
read -p "Enter MFA code for $MFA_SERIAL: " MFA
JSON_SESSION_TOKEN=`aws sts get-session-token --serial-number $MFA_SERIAL --token-code $MFA --duration 129600`
unset AWS_CONFIG_FILE
export AWS_ACCESS_KEY_ID=`echo $JSON_SESSION_TOKEN | jq '.Credentials.AccessKeyId' -r`
export AWS_SECRET_ACCESS_KEY=`echo $JSON_SESSION_TOKEN | jq '.Credentials.SecretAccessKey' -r`
export AWS_SESSION_TOKEN=`echo $JSON_SESSION_TOKEN | jq '.Credentials.SessionToken' -r`
$SHELL # launch new shell
Raw
install.sh
#!/bin/bash
set -e # stop on error
echo "Enter your AWS account number:"
read account
echo "Enter your AWS username:"
read username
source="$(curl -fsSL https://gist.githubusercontent.com/danielrbradley/4c2cde279bcef57abf5bfcc7d67622b7/raw/aws-auth.sh)"
source_with_account="${source/1234567890/$account}"
source_final="${source_with_account/YOUR_AWS_USERNAME/$username}"
echo "$source_final" > /usr/local/bin/aws-auth
chmod +x /usr/local/bin/aws-auth
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment