No project description provided
Project description
Yubikey authentication for AWS CLI (and boto) made easy
This plugin enables aws-cli to directly talk to your YubiKey to acquire an OATH-TOTP code using the YubiKey's CCID application.
Currently, FIDO-U2F is unsupported on both, botocore and aws-cli. Using aws-cli with roles and a regular OATH-TOTP token at least prompts you for the TOTP code but this is quite cumbersome to use with a YubiKey.
Installation
awscli-plugin-yubikeytotp
can be installed from PyPI:
$ pip install awscli-plugin-yubikeytotp
It's also possible to install it just for your user in case you don't have permission to install packages system-wide:
$ pip install --user awscli-plugin-yubikeytotp
Configure AWS CLI
To enable the plugin, add this to your ~/.aws/config
:
[plugins]
yubikeytotp = awscli_plugin_yubikeytotp
Also make sure to have your MFA ARN configured for your profile:
[profile myprofile]
role_arn = arn:aws:iam::...
mfa_serial = arn:aws:iam::...
source_profile = default
Usage
Just use the aws
command with a custom role and the plugin will do the rest:
$ aws s3 ls --profile myprofile
Generating OATH code on YubiKey. You may have to touch your YubiKey to proceed...
Successfully created OATH code.
2013-07-11 17:08:50 mybucket
2013-07-24 14:55:44 mybucket2
Acknowledgements
- Thanks to @woowa-hsw0 for this inspiration for this plugin
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for awscli-plugin-yubikeytotp-0.1.1.dev1.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 426f979635c0162ef22cfc3abfd9655a469120f3f8f94ce1ebb48a5f7e1063b9 |
|
MD5 | 00d284259c2f23fb116174d4258919df |
|
BLAKE2b-256 | 50a8a3a97f741c57171f96082683fa89938af40bd7a494ec342352427a984277 |
Hashes for awscli_plugin_yubikeytotp-0.1.1.dev1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 49b01d245c66b2131e0749d1f870520be886d79804cded1c04bace5eae0c6bc1 |
|
MD5 | 8e09b558fd3987907616b111037fc3c3 |
|
BLAKE2b-256 | c6b3423aaedffaef83282bdbf48f4fedb11ceb8e917d962a5b0910b9c914694b |