Open rkoval opened 2 years ago
@rkoval Yes, I recommend to implement in go this way:
aws mfa-auth ${profile_name} ${six_digits_token}
, ${profile_name}
is the source named profile for mfa auth. If the account force mfa, then you can never use this profile directly.${HOME}
directory, for instance ${HOME}/.alfred-aws-console-services-workflow/secrets.json
is a good place. DON't USE THE ALFRED WORKFLOW DIRECTORY which is the /path-to/user.workflow.70776F59-2678-4404-B83C-1111222233334444
. Because if the user export it, there's a risk that user expose his credential to public.${HOME}/..../secrets.json
file. If success, then set environment variable accordingly. Now the new mfa authenticated profile will automatically work.
details: https://aws.amazon.com/premiumsupport/knowledge-center/authenticate-mfa-cli/
seems like this needs to expose something that can detect when an account requires MFA and then set
AWS_SESSION_TOKEN
?