cli_mfa_auth_aws
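#######################################
# Obtain temporary AWS credentials with an MFA code and export them into the
# current shell.
#
# Before use, replace the two placeholder values below:
#   AWS_PROFILE     - credentials profile associated with the SMCE MAAP
#                     account (in ~/.aws/credentials)
#   ARN_MFA_DEVICE  - ARN of the MFA device associated with your SMCE account
#
# The function must be defined in (sourced into) the shell that needs the
# credentials, because it works by exporting environment variables.
#
# Globals:   AWS_PROFILE, ARN_MFA_DEVICE (written, exported)
#            AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN
#            (written, exported on success)
# Arguments: $1 - the MFA code currently displayed by your MFA app
#                 (e.g. Google Auth)
# Outputs:   the three credential assignments on stdout; diagnostics and the
#            expiry time on stderr
# Returns:   0 on success, 2 if the MFA code is missing, 255 if no temporary
#            credentials could be obtained
#######################################
mfa_authentication_smce_maap () {
  # Keep the raw STS response and the parsed secrets out of the shell's
  # global variables; only the exported AWS_* variables should outlive the call.
  local tokens secret session access expire

  if [ -z "${1:-}" ]; then
    echo "usage: mfa_authentication_smce_maap <mfa-code>" >&2
    return 2
  fi

  export AWS_PROFILE="YOUR_SMCE_MAAP_PROFILE"
  export ARN_MFA_DEVICE="ARN_OF_MFA_DEVICE"

  # The command substitution runs in a subshell, so the unset below does not
  # touch the caller's environment. It is there because session credentials
  # exported by an earlier run would otherwise be picked up from the
  # environment instead of the profile, and the request would then be made
  # with temporary (possibly expired) credentials.
  if ! tokens=$(
    unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
    aws sts get-session-token \
      --serial-number "$ARN_MFA_DEVICE" \
      --token-code "$1" \
      --output json
  ); then
    echo "Unable to get temporary credentials. aws sts get-session-token failed" >&2
    # return, not exit: this runs in the user's own shell, and exit would
    # close that shell.
    return 255
  fi

  # printf instead of `echo --`: echo does not treat "--" as an option
  # terminator and would print it in front of the JSON.
  secret=$(printf '%s\n' "$tokens" | sed -n 's!.*"SecretAccessKey": "\(.*\)".*!\1!p')
  session=$(printf '%s\n' "$tokens" | sed -n 's!.*"SessionToken": "\(.*\)".*!\1!p')
  access=$(printf '%s\n' "$tokens" | sed -n 's!.*"AccessKeyId": "\(.*\)".*!\1!p')
  expire=$(printf '%s\n' "$tokens" | sed -n 's!.*"Expiration": "\(.*\)".*!\1!p')

  if [ -z "$secret" ] || [ -z "$session" ] || [ -z "$access" ]; then
    # The raw response is deliberately not echoed: a partially parsed
    # response can still contain a secret key or session token.
    echo "Unable to get temporary credentials. Could not find secret/access/session entries" >&2
    return 255
  fi

  export AWS_ACCESS_KEY_ID="$access"
  export AWS_SECRET_ACCESS_KEY="$secret"
  export AWS_SESSION_TOKEN="$session"

  if [ -n "$expire" ]; then
    echo "Temporary credentials expire at $expire" >&2
  fi

  # NOTE(security): the stdout format is kept for existing users, but it
  # writes the secret key and session token to the terminal, where they can
  # end up in scrollback, screen shares or captured logs. Redirect stdout to
  # /dev/null when the exported variables are all you need.
  printf '\nAWS_ACCESS_KEY_ID=%s\nAWS_SECRET_ACCESS_KEY=%s\nAWS_SESSION_TOKEN=%s\n\n' \
    "$access" "$secret" "$session"
}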