AWS auth authenticates a user with temporary credentials for a specific amount of time with a MFA token
~/.aws/config
[profile yourUserProfile]
region = eu-central-1
[profile subAccount]
region = eu-central-1
role_arn = arn:aws:iam::123456789:role/AdminAccessFromMetaAccount
source_profile = yourUserProfile
~/.aws/credentials
[yourUserProfile]
aws_access_key_id =
aws_secret_access_key =
aws_session_token =
aws_auth <AWS_ACCOUNT_NAME>
# example
aws_auth -v julian.kleinhans
Now you have to enter your MFA token.
After that the script will add or update the yourUserProfile
AWS profile in ~/.aws
Now you are able to talk with AWS via CLI. Example:
aws --profile yourUserProfile s3 ls
In order to easily switch roles in AWS console it is recommended to use a Browser Plugin "AWS Extend Switch Roles". The following configuration can be used to configure this plugin:;
[yourUserProfile]
aws_account_id=123456789
role_name=AdminAccessFromMetaAccount
region=eu-central-1
color=b9acac