garyellis · January 5, 2018 02:01
diff --git a/new_session_token.py b/new_session_token.py
 #!/usr/bin/env python

 """
 A quick script to get temporary aws access keys.

 expects AWS_MFA_ARN to exist in the aws default credential
 export AWS_MFA_ARN="arn:aws:iam::123456789:mfa/me"

 """

 import boto3
 import ConfigParser
 import getpass
 from pprint import pprint
 import os
 from os.path import expanduser

 if os.environ['AWS_MFA_ARN']:
    serial_arn = os.environ['AWS_MFA_ARN']

 else:
    serial_arn = input('serial arn: ')

 mfa_token  = getpass.getpass(prompt="mfa token: ")

 client = boto3.client('sts')

 response = client.get_session_token(
    SerialNumber=serial_arn,
    TokenCode=mfa_token
 )


 temporary_credentials = response.get('Credentials', {})


 config = ConfigParser.RawConfigParser()


 awscredentialfilename = '.aws/credentials'
 awscredentialfile = '%s/%s' % (expanduser("~"), awscredentialfilename)

 config_section_name = 'authenticated'
 config = ConfigParser.RawConfigParser()
 config.read(awscredentialfile)

 if not config.has_section(config_section_name):
  config.add_section(config_section_name)


 config.set(config_section_name, 'region', 'us-west-2')
 config.set(config_section_name, 'aws_access_key_id', temporary_credentials['AccessKeyId'])
 config.set(config_section_name, 'aws_secret_access_key', temporary_credentials['SecretAccessKey'])
 config.set(config_section_name, 'aws_session_token', temporary_credentials['SessionToken'])

 with open(awscredentialfile, 'wb') as f:
    config.write(f)
 print '==> Temporary credentials have been created.'
 print '    CredentialFile: %s' % awscredentialfile
 print '    AwsProfile: %s' % config_section_name
 print '    AccessKeyId: %s' % temporary_credentials['AccessKeyId']
 print '    Expiration: %s' % temporary_credentials['Expiration']
 print '    Export: export AWS_DEFAULT_PROFILE=%s AWS_PROFILE=%s' % (config_section_name,config_section_name)
	#!/usr/bin/env python

	"""
	A quick script to get temporary aws access keys.

	expects AWS_MFA_ARN to exist in the aws default credential
	export AWS_MFA_ARN="arn:aws:iam::123456789:mfa/me"

	"""

	import boto3
	import ConfigParser
	import getpass
	from pprint import pprint
	import os
	from os.path import expanduser

	if os.environ['AWS_MFA_ARN']:
	serial_arn = os.environ['AWS_MFA_ARN']

	else:
	serial_arn = input('serial arn: ')

	mfa_token = getpass.getpass(prompt="mfa token: ")

	client = boto3.client('sts')

	response = client.get_session_token(
	SerialNumber=serial_arn,
	TokenCode=mfa_token
	)


	temporary_credentials = response.get('Credentials', {})


	config = ConfigParser.RawConfigParser()


	awscredentialfilename = '.aws/credentials'
	awscredentialfile = '%s/%s' % (expanduser("~"), awscredentialfilename)

	config_section_name = 'authenticated'
	config = ConfigParser.RawConfigParser()
	config.read(awscredentialfile)

	if not config.has_section(config_section_name):
	config.add_section(config_section_name)


	config.set(config_section_name, 'region', 'us-west-2')
	config.set(config_section_name, 'aws_access_key_id', temporary_credentials['AccessKeyId'])
	config.set(config_section_name, 'aws_secret_access_key', temporary_credentials['SecretAccessKey'])
	config.set(config_section_name, 'aws_session_token', temporary_credentials['SessionToken'])

	with open(awscredentialfile, 'wb') as f:
	config.write(f)
	print '==> Temporary credentials have been created.'
	print ' CredentialFile: %s' % awscredentialfile
	print ' AwsProfile: %s' % config_section_name
	print ' AccessKeyId: %s' % temporary_credentials['AccessKeyId']
	print ' Expiration: %s' % temporary_credentials['Expiration']
	print ' Export: export AWS_DEFAULT_PROFILE=%s AWS_PROFILE=%s' % (config_section_name,config_section_name)