mheffner / awsam

Amazon Web Services Account Manager (modeled after 'rvm')
MIT License
117 stars 8 forks

Support source_profile and MFA #38

Open ejoncas opened 6 years ago

ejoncas commented 6 years ago

My company has a funny setup where we have SECRET and ACCESS_KEY only for one account. Then that account is configured to allow role assumption for a set of different accounts.

Also, it is a requirement that every user has MFA configured.

This tool does not seem to support adding environments that work with role assumption and MFA, although the aws-cli does.

My .aws/credentials looks something like:

[sharedaccount]
aws_access_key_id     = SECRET
aws_secret_access_key = SUPER_SECRET

[dev]
role_arn       = arn:aws:iam::xxxx:role/MyTeamRole
mfa_serial     = arn:aws:iam::xxxx:mfa/my.username
source_profile = sharedaccount

[qa]
role_arn       = arn:aws:iam::xxxx:role/MyTeamRole
mfa_serial     = arn:aws:iam::xxxx:mfa/my.username
source_profile = sharedaccount

[stg]
role_arn       = arn:aws:iam::xxxx:role/MyTeamRole
mfa_serial     = arn:aws:iam::xxxx:mfa/my.username
source_profile = sharedaccount

[prd]
role_arn       = arn:aws:iam::xxxx:role/MyTeamRole
mfa_serial     = arn:aws:iam::xxxx:mfa/my.username
source_profile = sharedaccount

More info:

https://aws.amazon.com/blogs/security/how-to-use-a-single-iam-user-to-easily-access-all-your-accounts-by-using-the-aws-cli/
https://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html

As you can see, I don't have a secret and access key for dev, qa, stg or prod. That makes this tool unusable for a lot of companies that are using this setup.
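As an added example (not awsam's code and not from the reporter), the following shows what a tool would have to do to support profiles like the ones above the way the aws-cli does: follow `source_profile` back to the profile that holds static keys, make one STS AssumeRole call per hop, attach `SerialNumber`/`TokenCode` when `mfa_serial` is set, and export the resulting temporary credentials. The profile names, account ids, key values and the `awsam-` session-name prefix are constructed placeholders; the STS call is stubbed offline by `fake_assume_role`, and `boto3_assume_role` shows the shape of the real call. The sample also contains a deliberate `source_profile` loop to show the cycle check a resolver needs.

```python
"""Resolve an aws-cli style profile chain (source_profile, role_arn, mfa_serial)
into the AssumeRole calls it implies and export the result as environment variables.
Added example, not awsam's or the aws-cli's own code; all names and keys are constructed."""
import configparser
from typing import Callable, Dict, Optional, Tuple

# Constructed sample in the shape of the ~/.aws/credentials from the issue, plus a
# deliberate source_profile loop to exercise the cycle check. Keys are placeholders.
SAMPLE_CREDENTIALS = """
[sharedaccount]
aws_access_key_id     = AKIAEXAMPLEEXAMPLE
aws_secret_access_key = SUPER_SECRET_EXAMPLE

[dev]
role_arn       = arn:aws:iam::111111111111:role/MyTeamRole
mfa_serial     = arn:aws:iam::222222222222:mfa/my.username
source_profile = sharedaccount

[loop-a]
role_arn       = arn:aws:iam::444444444444:role/A
source_profile = loop-b

[loop-b]
role_arn       = arn:aws:iam::444444444444:role/B
source_profile = loop-a
"""


class ProfileError(ValueError):
    """The profile cannot be turned into usable credentials."""


def load_profiles(text: str) -> configparser.ConfigParser:
    # interpolation=None so a '%' inside a secret is not treated as a format directive.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def resolve_profile(cp: configparser.ConfigParser, name: str,
                    token_code: Optional[str] = None, _chain: Tuple[str, ...] = ()) -> dict:
    """Return a plan: static keys, or an assume_role step layered over a resolved source."""
    if name in _chain:
        raise ProfileError("source_profile cycle: " + " -> ".join(_chain + (name,)))
    if not cp.has_section(name):
        raise ProfileError(f"profile {name!r} not found")
    sec = cp[name]
    if "role_arn" in sec:
        if "source_profile" not in sec:
            # The aws-cli also accepts credential_source here; this example handles source_profile only.
            raise ProfileError(f"profile {name!r} has role_arn but no source_profile")
        source = resolve_profile(cp, sec["source_profile"], token_code, _chain + (name,))
        params = {"RoleArn": sec["role_arn"], "RoleSessionName": f"awsam-{name}"}  # prefix is a placeholder
        if "mfa_serial" in sec:
            # The role's trust policy enforces MFA; without a fresh code STS would deny the call.
            if not token_code:
                raise ProfileError(f"profile {name!r} requires an MFA code for {sec['mfa_serial']}")
            params["SerialNumber"] = sec["mfa_serial"]
            params["TokenCode"] = token_code
        return {"type": "assume_role", "profile": name, "source": source, "assume_role_params": params}
    if "aws_access_key_id" in sec and "aws_secret_access_key" in sec:
        creds = {"AccessKeyId": sec["aws_access_key_id"], "SecretAccessKey": sec["aws_secret_access_key"]}
        if "aws_session_token" in sec:
            creds["SessionToken"] = sec["aws_session_token"]
        return {"type": "static", "profile": name, "credentials": creds}
    raise ProfileError(f"profile {name!r} has neither static keys nor role_arn")


def execute_plan(plan: dict, assume_role: Callable[[dict, dict], dict]) -> dict:
    """Walk the plan from the static keys outward, one AssumeRole call per hop."""
    if plan["type"] == "static":
        return plan["credentials"]
    source_creds = execute_plan(plan["source"], assume_role)
    return assume_role(source_creds, plan["assume_role_params"])


def env_for(creds: dict) -> Dict[str, str]:
    """Environment variables a shell helper would export for the resolved credentials."""
    env = {"AWS_ACCESS_KEY_ID": creds["AccessKeyId"], "AWS_SECRET_ACCESS_KEY": creds["SecretAccessKey"]}
    if "SessionToken" in creds:
        env["AWS_SESSION_TOKEN"] = creds["SessionToken"]  # required for temporary credentials
    return env


def fake_assume_role(creds: dict, params: dict) -> dict:
    """Offline stand-in for STS: mints deterministic temporary keys tagged with the role name."""
    role_name = params["RoleArn"].rsplit("/", 1)[-1]
    return {"AccessKeyId": "ASIA" + role_name.upper(),
            "SecretAccessKey": f"temp-secret-{role_name}",
            "SessionToken": f"token-{params.get('TokenCode', 'nomfa')}-{role_name}"}


def boto3_assume_role(creds: dict, params: dict) -> dict:
    """Real STS call (needs boto3 and network); returns the same shape as fake_assume_role."""
    import boto3
    sts = boto3.client("sts", aws_access_key_id=creds["AccessKeyId"],
                       aws_secret_access_key=creds["SecretAccessKey"],
                       aws_session_token=creds.get("SessionToken"))
    return sts.assume_role(**params)["Credentials"]


if __name__ == "__main__":
    profiles = load_profiles(SAMPLE_CREDENTIALS)
    plan = resolve_profile(profiles, "dev", token_code="123456")
    for key, value in env_for(execute_plan(plan, fake_assume_role)).items():
        print(f"export {key}={value}")
```

Swapping `fake_assume_role` for `boto3_assume_role` turns the dry run into the real flow; the plan is built before any network call, so a missing MFA code or a profile loop is reported before the static keys are ever used.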