Easy AWS MFA authentication and role assuming
Project description
AWS Auth
pip install aws-auth-utils
aws configure --profile mfa-source
aws_auth mfa
The commands use click for argument parsing and if required arguments are missing it will prompt you.
To authenticate using your MFA token you will need to have a profile configured using regular an AWS Access Key.
We will use that and your MFA token to generate an authorized session profile.
By default we will try to use the mfa-source and create the default profile.
If you only have a single MFA device set up, it will use that automatically. If you have multiple, it will the first one.
MFA
$ aws_auth mfa --help
Usage: aws_auth mfa [OPTIONS]
Options:
-a, --mfa-arn TEXT The identification number of the MFA device that
is associated with the IAM user. i.e.:
"arn:aws:iam::123456789012:mfa/tony.stark". You
can find this on the IAM page.
-c, --code TEXT The code generated by your MFA device.
-d, --duration INTEGER The duration, in seconds, of the session.
-sp, --source-profile TEXT What AWS profile to get the session token with.
-tp, --target-profile TEXT What AWS profile to store the credentials under.
-v, --verbose BOOLEAN
--help Show this message and exit.
Assume Role
The assume role is useful for multi-org environments where you want to impersonate a role in a child organization. If you access multiple organizations I recommend you set up aliases.
aws_auth assume \
--role-arn arn:aws:iam::123456789012:role/OrganizationAccountAccessRole \
--session-name child_org \
--target-profile child_session
$ aws_auth assume --help
Usage: aws_auth assume [OPTIONS]
Get MFA authenticated and assumed role session credentials and save them to
the aws credentials file
If you have multiple accounts you'd like to switch between, I recommend
setting up aliases that call this script with predefined arguments.
Options:
-r, --role-arn TEXT The Arn of the Role to assume.
-n, --session-name TEXT The identifier for the assumed role session.
-a, --mfa-arn TEXT The identification number of the MFA device that
is associated with the IAM user. i.e.:
"arn:aws:iam::123456789012:mfa/tony.stark". You
can find this on the IAM page.
-c, --code TEXT The code generated by your MFA device.
-d, --duration INTEGER The duration, in seconds, of the session.
(defaults to 4 hours)
-sp, --source-profile TEXT What AWS profile to get the session token with.
-tp, --target-profile TEXT What AWS profile to store the credentials under.
-v, --verbose BOOLEAN
--help Show this message and exit.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file aws_auth_utils-1.0.0.tar.gz.
File metadata
- Download URL: aws_auth_utils-1.0.0.tar.gz
- Upload date:
- Size: 5.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: python-httpx/0.28.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d4403d9e977c259357803198a8e088bd1715441a781132763ac5c2cc7f9897f5
|
|
| MD5 |
986796d44d46e1c1d346aa85cc56442c
|
|
| BLAKE2b-256 |
38f72b59f7c84f9d900b05bbab16a6c4e24c116765fec3aec05c80865ea43f7e
|
File details
Details for the file aws_auth_utils-1.0.0-py3-none-any.whl.
File metadata
- Download URL: aws_auth_utils-1.0.0-py3-none-any.whl
- Upload date:
- Size: 4.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: python-httpx/0.28.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
bd2b1220ee914b2d914e50f397f09d67c7588367f94c5df846fb9ff8930cd9fa
|
|
| MD5 |
cab8f146cd140a29412a49f83309fae4
|
|
| BLAKE2b-256 |
ea83cdd6999df9a79063c2b99589034600966637f9bda52e4cf4b9dd87fd0bc8
|
