AWS CLI MFA - Easily Manage Session Token

Project description

AWS CLI MFA

Developed by Ajeet Yadav

Example of How To Use

# Setup ARN and profile name
cli-aws-mfa init

# Refresh Session Token
cli-aws-mfa refresh

Policy Used for CLI MFA

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "MustBeSignedInWithMFA",
            "Effect": "Deny",
            "NotAction": [
                "iam:CreateVirtualMFADevice",
                "iam:DeleteVirtualMFADevice",
                "iam:ListVirtualMFADevices",
                "iam:EnableMFADevice",
                "iam:ResyncMFADevice",
                "iam:ListAccountAliases",
                "iam:ListUsers",
                "iam:ListSSHPublicKeys",
                "iam:ListAccessKeys",
                "iam:ListServiceSpecificCredentials",
                "iam:ListMFADevices",
                "iam:GetAccountSummary",
                "sts:GetSessionToken"
            ],
            "Resource": "*",
            "Condition": {
                "BoolIfExists": {
                    "aws:MultiFactorAuthPresent": "false"
                }
            }
        }
    ]
}

Here's a brief summary of the methods in this class:

__init__(self, profile_name="mfa-user", mfa_arn=None): Initializes a new MFA instance with the specified profile name and MFA ARN (Amazon Resource Name).
set_mfa_token(self, token): Sets the MFA token for the instance.
set_mfa_arn(self, arn): Sets the MFA ARN for the instance.
authenticate(self): Authenticates with AWS using the specified MFA ARN and token, and returns a set of temporary credentials.
set_credential(self, credentials): Sets the AWS credentials for the specified profile name using the temporary credentials returned by authenticate().
check_mfa_arn_file(self): Checks if the MFA ARN file exists in the AWS configuration directory.
check_mfa_profile_file(self): Checks if the profile file exists in the AWS configuration directory.
get_arn_from_file(self): Reads the MFA ARN from the MFA ARN file in the AWS configuration directory.
get_profile_from_file(self): Reads the profile name from the profile file in the AWS configuration directory.
validate_session(self): Validates the session for the specified profile name and prints an error message if any of the AWS access keys are not set.

Here's some documentation for each of the methods in this class:

__init__(self, profile_name="mfa-user", mfa_arn=None): This is the constructor for the MFA class. It initializes a new instance with the specified profile name and MFA ARN. If no profile name is specified, the default profile name is "mfa-user". If no MFA ARN is specified, it is set to None.
set_mfa_token(self, token): This method sets the MFA token for the instance.
set_mfa_arn(self, arn): This method sets the MFA ARN for the instance.
authenticate(self): This method authenticates with AWS using the specified MFA ARN and token. It returns a set of temporary credentials that can be used to access AWS resources.
set_credential(self, credentials): This method sets the AWS credentials for the specified profile name using the temporary credentials returned by authenticate(). It writes the credentials to the AWS credentials file in the user's home directory.
check_mfa_arn_file(self): This method checks if the MFA ARN file exists in the AWS configuration directory. If the file exists, it returns True. Otherwise, it returns False.
check_mfa_profile_file(self): This method checks if the profile file exists in the AWS configuration directory. If the file exists, it returns True. Otherwise, it returns False.
get_arn_from_file(self): This method reads the MFA ARN from the MFA ARN file in the AWS configuration directory. It returns the MFA ARN as a string.
get_profile_from_file(self): This method reads the profile name from the profile file in the AWS configuration directory. If the file exists, it returns the profile name as a string. Otherwise, it returns the default profile name ("mfa-user").
validate_session(self): This method validates the session for the specified profile name. If any of the AWS access keys are not set, it prints an error message. Otherwise, it prints a message

Project details

Release history Release notifications | RSS feed

This version

0.0.10

Apr 27, 2023

0.0.9

Apr 27, 2023

0.0.8

Apr 20, 2023

0.0.7

Apr 19, 2023

0.0.6

Apr 19, 2023

0.0.5

Apr 19, 2023

0.0.4

Apr 19, 2023

0.0.3

Apr 19, 2023

0.0.2

Apr 19, 2023

0.0.1

Apr 19, 2023

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cli-aws-mfa-0.0.10.tar.gz (4.7 kB view details)

Uploaded Apr 27, 2023 Source

Built Distribution

cli_aws_mfa-0.0.10-py3-none-any.whl (5.3 kB view details)

Uploaded Apr 27, 2023 Python 3

File details

Details for the file cli-aws-mfa-0.0.10.tar.gz.

File metadata

Download URL: cli-aws-mfa-0.0.10.tar.gz
Upload date: Apr 27, 2023
Size: 4.7 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.2 CPython/3.9.16

File hashes

Hashes for cli-aws-mfa-0.0.10.tar.gz
Algorithm	Hash digest
SHA256	`e444fa46344755d2383701e9ffe5ba016f33fbd079f3aeafee66faf6a25f501b`
MD5	`f8fd6a7883d08424bab8510b021771cf`
BLAKE2b-256	`6104b961dfa328d47900f51c92407a8b7afeac36c7c0a950f7942a58caa833f9`

See more details on using hashes here.

File details

Details for the file cli_aws_mfa-0.0.10-py3-none-any.whl.

File metadata

Download URL: cli_aws_mfa-0.0.10-py3-none-any.whl
Upload date: Apr 27, 2023
Size: 5.3 kB
Tags: Python 3
Uploaded using Trusted Publishing? No
Uploaded via: twine/4.0.2 CPython/3.9.16

File hashes

Hashes for cli_aws_mfa-0.0.10-py3-none-any.whl
Algorithm	Hash digest
SHA256	`22d021147d4f032214d785e080ebed063cbc59cd0212f84f148dcda0c323be20`
MD5	`a15482c1ad161abc3680d913404fc2fa`
BLAKE2b-256	`f45a912f567b73dda8fc8e4fb9a911ad98f0de0f0667e0a25d6f8420d7640b58`