

@jpohjolainen
Last active November 29, 2017 12:18
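#!/bin/bash
#
# Request temporary AWS credentials with an MFA token code and store them as
# `export` lines in ~/.aws/mfa_session.
#
# Usage: SCRIPT [-e] [-h] [profile]
#   -e       print the export lines on stdout instead of the "source" hint
#            (presumably meant for eval by the caller -- confirm)
#   profile  AWS CLI profile to use; defaults to $AWS_PROFILE
#
# Requires: aws, jq.
#
# Security notes:
#   * The session file holds live credentials. It is created with mode 0600
#     via mktemp and moved into place, so it is never readable by other
#     local users, even if an older copy had looser permissions.
#   * The MFA code is passed to the AWS CLI as a command-line argument and
#     can therefore show up in the local process list while the call runs.
#   * With -e the secrets are written to stdout; do not run that mode where
#     stdout is logged.

SESSION_FILE=~/.aws/mfa_session
PROFILE=${1:-$AWS_PROFILE}
ARGS=()
EVAL=0

if [ "$PROFILE" = "-e" ]; then
  EVAL=1
  shift
  PROFILE=${1:-$AWS_PROFILE}
fi

# Anything else starting with "-" is not a profile name. Rejecting it also
# keeps an option-like value from being handed to the AWS CLI.
if [ "${PROFILE:0:1}" = "-" ]; then
  echo "usage: $0 [-e] [-h] [profile]" >&2
  exit 1
fi

if [ -n "$PROFILE" ]; then
  echo "Using profile $PROFILE" >&2
  # Array instead of a string so a profile name with spaces stays one word.
  ARGS=(--profile "$PROFILE")
fi

ERR_FILE=$(mktemp) || exit 1
TMP_SESSION=''
cleanup() {
  rm -f -- "$ERR_FILE"
  [ -n "$TMP_SESSION" ] && rm -f -- "$TMP_SESSION"
  return 0
}
trap cleanup EXIT

# The AWS CLI reports errors on stderr, so stderr has to be captured to be
# able to recognise an expired session token.
if ! IDENTITY_JSON=$(aws "${ARGS[@]}" sts get-caller-identity 2>"$ERR_FILE"); then
  cat -- "$ERR_FILE" >&2
  if grep -q "ExpiredToken" -- "$ERR_FILE"; then
    # Stale session credentials in the environment: drop them and retry with
    # the long-term credentials, otherwise the account id below stays empty.
    unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
    IDENTITY_JSON=$(aws "${ARGS[@]}" sts get-caller-identity) || exit 1
  else
    exit 1
  fi
fi

USER_JSON=$(aws "${ARGS[@]}" iam get-user) || exit 1

# jq -e exits non-zero on null, so a missing field is an error instead of
# the literal string "null" ending up in the ARN.
ACCOUNT=$(printf '%s' "$IDENTITY_JSON" | jq -er '.Account') || {
  echo "Error reading Account" >&2
  exit 1
}
IAMUSER=$(printf '%s' "$USER_JSON" | jq -er '.User.UserName') || {
  echo "Error reading UserName" >&2
  exit 1
}

# NOTE(review): assumes the MFA device is named after the IAM user; a device
# registered under another name will not match this ARN -- confirm.
MFA_ARN="arn:aws:iam::$ACCOUNT:mfa/$IAMUSER"

printf 'Enter MFA token for %s: ' "$MFA_ARN" >&2
read -r MFA_TOKEN_CODE || exit 1
echo "" >&2

# STS token codes are six digits; refusing anything else also prevents the
# input from being parsed as a CLI option.
if ! [[ "$MFA_TOKEN_CODE" =~ ^[0-9]{6}$ ]]; then
  echo "MFA token must be 6 digits" >&2
  exit 1
fi

SESSION_JSON=$(aws "${ARGS[@]}" sts get-session-token \
  --serial-number "$MFA_ARN" --token-code "$MFA_TOKEN_CODE") || exit 1

AWS_ACCESS_KEY_ID=$(printf '%s' "$SESSION_JSON" | jq -er '.Credentials.AccessKeyId') || {
  echo "Error reading AccessKeyId" >&2
  exit 1
}
AWS_SESSION_TOKEN=$(printf '%s' "$SESSION_JSON" | jq -er '.Credentials.SessionToken') || {
  echo "Error reading SessionToken" >&2
  exit 1
}
AWS_SECRET_ACCESS_KEY=$(printf '%s' "$SESSION_JSON" | jq -er '.Credentials.SecretAccessKey') || {
  echo "Error reading SecretAccessKey" >&2
  exit 1
}

# mktemp creates the file with mode 0600; writing there first and renaming
# means the credentials never sit in a file with wider permissions.
TMP_SESSION=$(mktemp "${SESSION_FILE}.XXXXXX") || exit 1
# %q shell-quotes each value so the file is safe to source whatever the
# credential strings contain.
printf 'export AWS_ACCESS_KEY_ID=%q\nexport AWS_SECRET_ACCESS_KEY=%q\nexport AWS_SESSION_TOKEN=%q\n' \
  "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY" "$AWS_SESSION_TOKEN" \
  > "$TMP_SESSION" || exit 1
mv -f -- "$TMP_SESSION" "$SESSION_FILE" || exit 1
TMP_SESSION=''

if [ "$EVAL" -eq 1 ]; then
  cat -- "$SESSION_FILE"
  exit
fi

echo "Run following command: "
echo "source $SESSION_FILE"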