MFA helper script for AWS
Project description
Helper script for using MFA with the aws cli. Requires python3.
Usage
usage: mfa-aws [options]
updates aws credentials file with temporary sts credentials obtained with mfa
optional arguments:
-h, --help show this help message and exit
-d, --debug Enable debug
-c CONFIG_FILE, --config-file CONFIG_FILE
config file to load mfa details [~/.aws/mfa-config]
-p PROFILE, --profile PROFILE
profile to be loaded from the config file [default]
Example
Before
[~/.aws/credentials]
[default]
aws_access_key_id = ASIADSJFKDSF3242
aws_secret_access_key = FDSFSDKJFd/fdsfSDFSFfDSF4837fdDSFHDKSFsd0D
[other-account-default]
aws_access_key_id = ASIADSGFDDFG3897
aws_secret_access_key = DFGKSJGSDKJGSDKJ4636//43643KJ353KJH/KFDFSDFS/DLKDKSFsd0D
[~/.aws/mfa-config]
[profile default]
mfa_serial = arn:aws:iam::111111111111:mfa/username
dest_profile = default-mfa
[profile other-account]
mfa_serial = arn:aws:iam::999999999999:mfa/username
dest_profile = other-account-mfa
source_profile = other-account-default
Run
MBP-USERNAME:~ username$ mfa-aws
token code for arn:aws:iam::111111111111:mfa/username: 111111
MBP-USERNAME:~ username$
MBP-USERNAME:~ username$ mfa-aws -p other-account
token code for arn:aws:iam::999999999999:mfa/username: 999999
MBP-USERNAME:~ username$
After
[~/.aws/credentials]
[default]
aws_access_key_id = ASIADSJFKDSF3242
aws_secret_access_key = FDSFSDKJFd/fdsfSDFSFfDSF4837fdDSFHDKSFsd0D
[other-account-default]
aws_access_key_id = ASIADSGFDDFG3897
aws_secret_access_key = DFGKSJGSDKJGSDKJ4636//43643KJ353KJH/KFDFSDFS/DLKDKSFsd0D
[default-mfa]
aws_access_key_id = ASIADSJFKDSF3242
aws_secret_access_key = FDSFSDKJFd/fdsfSDFSFfDSF4837fdDSFHDKSFsd0D
aws_session_token = RIKJSFSAFJAS128753718965/352523//35jfhdssdDSJFKRIKJSFSAFJAS128753718965/352523//35jfhdssdDSJFKRIKJSFSAFJAS128753718965/352523//35jfhdssdDSJFK
[other-account-mfa]
aws_access_key_id = ASIADSGFDDFG3897
aws_secret_access_key = DFGKSJGSDKJGSDKJ4636//43643KJ353KJH/KFDFSDFS/DLKDKSFsd0D
aws_session_token = DFKJSF8732ASFAJKFHFHK324423/rekjAF/33kjfDFJKKJFDDFKJSF8732ASFAJKFHFHK324423/rekjAF/33kjfDFJKKJFDDFKJSF8732ASFAJKFHFHK324423/rekjAF/33kjfDFJKKJFD
Integrations
YubiKey
The TOTP functionality of YubiKey tokens can be integrated on the cli through the ykman cli utility. Just specify the yubikey_credential_name in the mfa-config profile.
[profile yubikey-account]
mfa_serial = arn:aws:iam::999999999999:mfa/jamie
yubikey_credential_name = AWS:jamie@yubikey-account
dest_profile = yubikey-account-mfa
source_profile = yubikey-account-default
yubikey_credential_name is of the form Issuer:AccountName and can be viewed with the following ykman command.
ykman oath list
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
mfa-aws-1.0.1.tar.gz
(9.2 kB
view details)
Built Distribution
File details
Details for the file mfa-aws-1.0.1.tar.gz
.
File metadata
- Download URL: mfa-aws-1.0.1.tar.gz
- Upload date:
- Size: 9.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.10.5
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 |
b85eb7644e30dca2f8b583e18084f821db65a202c2275974a25649bbbbae991d
|
|
MD5 |
a2f444ba64017b5b819b8c7739f43e55
|
|
BLAKE2b-256 |
e07bfecee251bf66e620361548e94809b6252b304136cba2f5d59f92caa5cff2
|
File details
Details for the file mfa_aws-1.0.1-py3-none-any.whl
.
File metadata
- Download URL: mfa_aws-1.0.1-py3-none-any.whl
- Upload date:
- Size: 9.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.10.5
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 |
2073a60645430260449c5f55c8b7b4ed75c5504e4e2655c23cdff2c94fbf241e
|
|
MD5 |
ef15c5f05503d7746e0b73ef1b7da803
|
|
BLAKE2b-256 |
6620bf6382d111b3ef438bbb038b6c62bf82abbafff104385028660c7b273f0d
|