Open consideRatio opened 1 year ago
Here's the script I just made for this, specific to nasa-veda and my MFA:
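```zsh
#!/bin/zsh
# Usage: source nasa-veda-mfa.bash <mfa-code>
MFA_TOKEN="${1}"
# Clear credentials left over from an earlier run so the nasa-veda profile's keys sign the STS call
unset AWS_ACCESS_KEY_ID
unset AWS_SECRET_ACCESS_KEY
unset AWS_SESSION_TOKEN
export AWS_PROFILE=nasa-veda
export MFA_DEVICE_ID=arn:aws:iam::444055461661:mfa/phone
# Stop here if STS rejects the request (for example a wrong or expired code) instead of exporting empty values
SESSION_CREDS=$(aws sts get-session-token --serial-number "${MFA_DEVICE_ID}" --token-code "${MFA_TOKEN}") || return 1
# Export the temporary credentials into the current shell
export AWS_ACCESS_KEY_ID=$(echo "${SESSION_CREDS}" | jq -r .Credentials.AccessKeyId)
export AWS_SECRET_ACCESS_KEY=$(echo "${SESSION_CREDS}" | jq -r .Credentials.SecretAccessKey)
export AWS_SESSION_TOKEN=$(echo "${SESSION_CREDS}" | jq -r .Credentials.SessionToken)
```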
I can then call this as `source nasa-veda-mfa.bash <mfa-code>`
It is not obvious to me how to get credentials to work against an AWS account that enforces use of MFA on the CLI level, but the procedure I've followed is outlined below.
Action point
How I've gone about it so far
I've tried the following, but only for `nasa-veda`'s AWS account.
`arn:aws:iam::111222333444:mfa/my-pixel3a-mobile`
`aws sts get-session-token` like this: