Commit 1a7b3154 authored by Christopher O'Connell's avatar Christopher O'Connell Committed by Ryan Garcia

Add aws mfa script and mfa aws creds example

parent bf695855
1 merge request!3068Add aws mfa script and mfa aws creds example
#!/bin/bash
##################################################################################
# This MFA authentication script will add temporary access keys to your credentials file plus an additional AWS Session Token which is valid for a maximum of 12 hours.
# Pass parameters in like so... temporary profile must already exist with region configured in your CLI profile. See example in docs.
# bash aws-mfa.sh --user <username> --profile <temporary profile> --token <token-code>
# You can hard code your username after the - on line 9
# profile_long variable is your long term access keys
user=${user:-}
profile=${profile:-default}
profile_long=bigbang
token=${token:-}
serial="arn:aws-us-gov:iam::141078740716:mfa/${user}"
echo "If having issues with this script please see example ~/.aws/credentials file for setup @ https://repo1.dso.mil/big-bang/bigbang/-/blob/add-aws-mfa-scripting-to-k3d-dev/docs/assets/scripts/developer/mfa-aws-creds-example"
while [ $# -gt 0 ]; do
if [[ $1 == *"--"* ]]; then
param="${1/--/}"
declare $param="$2"
# echo $1 $2 # Optional to see the parameter:value result
fi
shift
done
if [ ${#token} -ne 6 ]; then
echo "Please provide a six digit token code with --token <token-code>"
exit 1
fi
echo "user: $user"
echo "profile: $profile"
echo "profile-long-term: $profile_long"
echo "token: $token"
echo "serial: $serial"
##################################################################################
# Remove existing environment variable values
unset AWS_ACCESS_KEY_ID
unset AWS_SECRET_ACCESS_KEY
unset AWS_SESSION_TOKEN
# Get temporary MFA credentials
creds=$(aws sts get-session-token --token-code $token --profile $profile_long --serial-number $serial --query 'Credentials')
aws configure set aws_access_key_id $(echo $creds | python3 -c "import sys, json; print(json.load(sys.stdin)['AccessKeyId'])") --profile=$profile
aws configure set aws_secret_access_key $(echo $creds | python3 -c "import sys, json; print(json.load(sys.stdin)['SecretAccessKey'])") --profile=$profile
aws configure set aws_session_token $(echo $creds | python3 -c "import sys, json; print(json.load(sys.stdin)['SessionToken'])") --profile=$profile
aws sts get-caller-identity --profile $profile
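Review bot: `serial="arn:aws-us-gov:iam::141078740716:mfa/${user}"` is assigned before the `while [ $# -gt 0 ]` loop parses `--user`, so with the documented invocation the serial ends in an empty user name unless `user` is already set in the environment; the assignment should move below the loop. The `get-session-token` call is also unchecked, so when the code is rejected `creds` is empty and the three `aws configure set` lines still run; ending that line with `|| exit 1` and quoting `"$token"`, `"$profile_long"` and `"$serial"` would stop the script there. Separately, `declare $param="$2"` assigns whatever name follows `--`, so a `case` limited to `user`, `profile` and `token` would keep a stray or mistyped option from overwriting other shell variables. I would also drop `echo "token: $token"`, since it writes the MFA code to the terminal and to any captured log.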
[bigbang]
region = us-gov-west-1
## REPLACE WITH YOUR EXISTING ACCESS KEYS FOR YOUR DEV ACCOUNT
aws_access_key_id = XXXXXXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[default]
region=us-gov-west-1
\ No newline at end of file