MFA helper script for AWS

Project description

Helper script for using MFA with the AWS CLI. Requires Python 3.

Usage

usage: mfa-aws [options]

updates aws credentials file with temporary sts credentials obtained with mfa

optional arguments:
  -h, --help            show this help message and exit
  -d, --debug           Enable debug
  -c CONFIG_FILE, --config-file CONFIG_FILE
                        config file to load mfa details [~/.aws/mfa-config]
  -p PROFILE, --profile PROFILE
                        profile to be loaded from the config file [default]

Example

Before

[~/.aws/credentials]

[default]
aws_access_key_id = ASIADSJFKDSF3242
aws_secret_access_key = FDSFSDKJFd/fdsfSDFSFfDSF4837fdDSFHDKSFsd0D

[other-account-default]
aws_access_key_id = ASIADSGFDDFG3897
aws_secret_access_key = DFGKSJGSDKJGSDKJ4636//43643KJ353KJH/KFDFSDFS/DLKDKSFsd0D

[~/.aws/mfa-config]

[profile default]
mfa_serial = arn:aws:iam::111111111111:mfa/username
dest_profile = default-mfa

[profile other-account]
mfa_serial = arn:aws:iam::999999999999:mfa/username
dest_profile = other-account-mfa
source_profile = other-account-default

Run

MBP-USERNAME:~ username$ mfa-aws
token code for arn:aws:iam::111111111111:mfa/username: 111111
MBP-USERNAME:~ username$
MBP-USERNAME:~ username$ mfa-aws -p other-account
token code for arn:aws:iam::999999999999:mfa/username: 999999
MBP-USERNAME:~ username$

After

[~/.aws/credentials]

[default]
aws_access_key_id = ASIADSJFKDSF3242
aws_secret_access_key = FDSFSDKJFd/fdsfSDFSFfDSF4837fdDSFHDKSFsd0D

[other-account-default]
aws_access_key_id = ASIADSGFDDFG3897
aws_secret_access_key = DFGKSJGSDKJGSDKJ4636//43643KJ353KJH/KFDFSDFS/DLKDKSFsd0D

[default-mfa]
aws_access_key_id = ASIADSJFKDSF3242
aws_secret_access_key = FDSFSDKJFd/fdsfSDFSFfDSF4837fdDSFHDKSFsd0D
aws_session_token = RIKJSFSAFJAS128753718965/352523//35jfhdssdDSJFKRIKJSFSAFJAS128753718965/352523//35jfhdssdDSJFKRIKJSFSAFJAS128753718965/352523//35jfhdssdDSJFK

[other-account-mfa]
aws_access_key_id = ASIADSGFDDFG3897
aws_secret_access_key = DFGKSJGSDKJGSDKJ4636//43643KJ353KJH/KFDFSDFS/DLKDKSFsd0D
aws_session_token = DFKJSF8732ASFAJKFHFHK324423/rekjAF/33kjfDFJKKJFDDFKJSF8732ASFAJKFHFHK324423/rekjAF/33kjfDFJKKJFDDFKJSF8732ASFAJKFHFHK324423/rekjAF/33kjfDFJKKJFD
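
The Before/Run/After flow above, as an added Python sketch (not the mfa-aws source): resolve a profile from mfa-config, then write the temporary credentials into the destination profile without loosening the file's permissions. The function names, the fallback to `default` when `source_profile` is absent and the sample values are assumptions; the STS call itself is omitted, and `sts_creds` uses the field names of the `Credentials` element in an STS GetSessionToken response.

```python
import configparser
import os
import tempfile

# Constructed sample mirroring the page's ~/.aws/mfa-config layout.
SAMPLE_MFA_CONFIG = """\
[profile default]
mfa_serial = arn:aws:iam::111111111111:mfa/username
dest_profile = default-mfa

[profile other-account]
mfa_serial = arn:aws:iam::999999999999:mfa/username
dest_profile = other-account-mfa
source_profile = other-account-default
"""


def resolve_profile(config_text, profile="default"):
    """Return the settings one mfa-config profile supplies for the STS call."""
    cfg = configparser.ConfigParser()
    cfg.read_string(config_text)
    section = cfg["profile " + profile]  # KeyError if the profile is missing
    return {
        "mfa_serial": section["mfa_serial"],
        "dest_profile": section["dest_profile"],
        # Assumption: long-term keys come from [default] when unset.
        "source_profile": section.get("source_profile", "default"),
    }


def write_session_credentials(cred_path, dest_profile, sts_creds):
    """Store STS temporary credentials under dest_profile; file ends up 0600."""
    # interpolation=None so a '%' in a secret is stored verbatim.
    creds = configparser.ConfigParser(interpolation=None)
    creds.read(cred_path)  # a missing file is treated as empty
    creds[dest_profile] = {
        "aws_access_key_id": sts_creds["AccessKeyId"],
        "aws_secret_access_key": sts_creds["SecretAccessKey"],
        "aws_session_token": sts_creds["SessionToken"],
    }
    # mkstemp creates the file with mode 0600; writing it beside the target
    # lets os.replace swap it in atomically, so no partial file is ever read.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(cred_path)))
    with os.fdopen(fd, "w") as handle:
        creds.write(handle)
    os.replace(tmp, cred_path)
```

Rewriting the file through configparser drops any comments it contained.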

Integrations

YubiKey

The TOTP functionality of YubiKey tokens can be used from the command line through the ykman CLI utility. Just specify yubikey_credential_name in the mfa-config profile.

[profile yubikey-account]
mfa_serial = arn:aws:iam::999999999999:mfa/jamie
yubikey_credential_name = AWS:jamie@yubikey-account
dest_profile = yubikey-account-mfa
source_profile = yubikey-account-default

yubikey_credential_name is of the form Issuer:AccountName and can be viewed with the following ykman command:

ykman oath list

Download files

Source Distribution

mfa-aws-1.0.1.tar.gz (9.2 kB)

Uploaded Source

Built Distribution

mfa_aws-1.0.1-py3-none-any.whl (9.5 kB)

Uploaded Python 3

File details

Details for the file mfa-aws-1.0.1.tar.gz.

File metadata

  • Download URL: mfa-aws-1.0.1.tar.gz
  • Upload date:
  • Size: 9.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.10.5

File hashes

Hashes for mfa-aws-1.0.1.tar.gz
Algorithm Hash digest
SHA256 b85eb7644e30dca2f8b583e18084f821db65a202c2275974a25649bbbbae991d
MD5 a2f444ba64017b5b819b8c7739f43e55
BLAKE2b-256 e07bfecee251bf66e620361548e94809b6252b304136cba2f5d59f92caa5cff2

File details

Details for the file mfa_aws-1.0.1-py3-none-any.whl.

File metadata

  • Download URL: mfa_aws-1.0.1-py3-none-any.whl
  • Upload date:
  • Size: 9.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.10.5

File hashes

Hashes for mfa_aws-1.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 2073a60645430260449c5f55c8b7b4ed75c5504e4e2655c23cdff2c94fbf241e
MD5 ef15c5f05503d7746e0b73ef1b7da803
BLAKE2b-256 6620bf6382d111b3ef438bbb038b6c62bf82abbafff104385028660c7b273f0d
