Authenticate to AWS with MFA π
β aws-mfa
Authenticate to AWS with MFA π
Usage: aws-mfa <COMMAND>
Commands:
file Authenticate to AWS with MFA using config and credentials files
env Authenticate to AWS with MFA using environment variables
help Print this message or the help of the given subcommand(s)
Options:
-h, --help Print help
-V, --version Print version
aws-mfa is published on crates.io and can be installed with
cargo install aws-mfa
or via homebrew-tap with
brew install jhandguy/tap/aws-mfa
or downloaded as binary from the releases page.
Add default region in ~/.aws/config
:
[profile <profile_name>-noauth]
region = <aws_region>
[profile <profile_name>]
region = <aws_region>
Add basic credentials in ~/.aws/credentials
:
[<profile_name>-noauth]
aws_access_key_id = <aws_access_key_id>
aws_secret_access_key = <aws_secret_access_key>
Note: make sure to add the
-noauth
suffix to the profile name
Run the aws-mfa file
command:
aws-mfa file -p <profile_name> -c <mfa_code>
Check generated credentials in ~/.aws/credentials
:
cat ~/.aws/credentials
[<profile_name>]
aws_access_key_id = <aws_access_key_id>
aws_secret_access_key = <aws_secret_access_key>
aws_session_token = <aws_session_token>
aws_session_expiration_timestamp = <aws_session_expiration_timestamp>
Export default region and basic credentials as environment variables:
export AWS_REGION=<aws_region>
export AWS_ACCESS_KEY_ID=<aws_access_key_id>
export AWS_SECRET_ACCESS_KEY=<aws_secret_access_key>
Eval the aws-mfa env
command:
eval $(aws-mfa env -c <mfa_code>)
Check exported environment variables:
env | grep AWS_
AWS_REGION=<aws_region>
AWS_ACCESS_KEY_ID=<aws_access_key_id>
AWS_SECRET_ACCESS_KEY=<aws_secret_access_key>
AWS_SESSION_TOKEN=<aws_session_token>
AWS_SESSION_EXPIRATION_TIMESTAMP=<aws_session_expiration_timestamp>