Skip to content

Authenticate to AWS with MFA πŸ”

License

Notifications You must be signed in to change notification settings

jhandguy/aws-mfa

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

aws-mfa

Version Downloads License Build Release

Authenticate to AWS with MFA πŸ”

➜ aws-mfa
Authenticate to AWS with MFA πŸ”

Usage: aws-mfa <COMMAND>

Commands:
  file  Authenticate to AWS with MFA using config and credentials files
  env   Authenticate to AWS with MFA using environment variables
  help  Print this message or the help of the given subcommand(s)

Options:
  -h, --help     Print help
  -V, --version  Print version

Installation

aws-mfa is published on crates.io and can be installed with

cargo install aws-mfa

or via homebrew-tap with

brew install jhandguy/tap/aws-mfa

or downloaded as binary from the releases page.

Usage

Config and credentials files

Add default region in ~/.aws/config:

[profile <profile_name>-noauth]
region = <aws_region>

[profile <profile_name>]
region = <aws_region>

Add basic credentials in ~/.aws/credentials:

[<profile_name>-noauth]
aws_access_key_id = <aws_access_key_id>
aws_secret_access_key = <aws_secret_access_key>

Note: make sure to add the -noauth suffix to the profile name

Run the aws-mfa file command:

aws-mfa file -p <profile_name> -c <mfa_code>

Check generated credentials in ~/.aws/credentials:

cat ~/.aws/credentials
[<profile_name>]
aws_access_key_id = <aws_access_key_id>
aws_secret_access_key = <aws_secret_access_key>
aws_session_token = <aws_session_token>
aws_session_expiration_timestamp = <aws_session_expiration_timestamp>

Environment variables

Export default region and basic credentials as environment variables:

export AWS_REGION=<aws_region>
export AWS_ACCESS_KEY_ID=<aws_access_key_id>
export AWS_SECRET_ACCESS_KEY=<aws_secret_access_key>

Eval the aws-mfa env command:

eval $(aws-mfa env -c <mfa_code>)

Check exported environment variables:

env | grep AWS_
AWS_REGION=<aws_region>
AWS_ACCESS_KEY_ID=<aws_access_key_id>
AWS_SECRET_ACCESS_KEY=<aws_secret_access_key>
AWS_SESSION_TOKEN=<aws_session_token>
AWS_SESSION_EXPIRATION_TIMESTAMP=<aws_session_expiration_timestamp>