pbar1/mfaws

🔒 mfaws 🔒

AWS Multi-Factor Authentication manager

Installation

Install script (Linux & macOS)

Download the appropriate binary from the releases page, make it executable (chmod +x), and place it in a directory on your PATH.

Chocolatey (Windows)

choco install mfaws

Note: Make sure your hardware clock is correct, especially if you dual boot. If your time is out of sync, your MFA attempts will fail, and the codes oathtool generates will be wrong (if you use it).

Usage

AWS Multi-Factor Authentication manager

Usage:
  mfaws [flags]
  mfaws [command]

Available Commands:
  help        Help about any command
  version     Prints mfaws version information

Flags:
  -a, --assume-role string         ARN of IAM role to assume [MFA_ASSUME_ROLE]
  -c, --credentials-file string    Path to AWS credentials file (default "~/.aws/credentials") [AWS_SHARED_CREDENTIALS_FILE]
  -d, --device string              ARN of MFA device to use [MFA_DEVICE]
  -l, --duration int               Duration in seconds for credentials to remain valid (default assume-role ? 3600 : 43200) [MFA_STS_DURATION]
  -e, --external-id string         Unique ID used by third parties to assume a role in their customers' accounts [AWS_EXTERNAL_ID]
  -f, --force                      Force credentials to refresh even if not expired
  -h, --help                       help for mfaws
      --long-term-suffix string    Suffix appended to long-term profiles (default "-long-term")
  -p, --profile string             Name of profile to use in AWS credentials file (default "default") [AWS_PROFILE]
  -s, --role-session-name string   Session name when assuming a role
      --short-term-suffix string   Suffix appended to short-term profiles (default "")
  -t, --token string               MFA token to use for authentication
  -v, --verbose                    Enable verbose output

Use "mfaws [command] --help" for more information about a command.

Examples

Using the default profile

Make sure you have the following in your $HOME/.aws/credentials file:

[default-long-term]
aws_access_key_id     = $YOUR_AWS_ACCESS_KEY_ID
aws_secret_access_key = $YOUR_AWS_SECRET_ACCESS_KEY
aws_mfa_device        = $YOUR_MFA_DEVICE_ARN

Then, simply run

mfaws

to fetch temporary credentials for your default AWS profile. More advanced configuration is possible (see Usage).

Combine mfaws with oathtool

Set an alias for generating your MFA token, then pipe it into mfaws:

alias otp-aws="oathtool --totp --base32 $YOUR_AWS_TOTP_KEY"

otp-aws | mfaws
# or
otp-aws | mfaws -p some-profile
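
Why the clock note under Installation matters for the oathtool pipeline above, as an added example that is not part of mfaws or its README: a TOTP code is an HMAC over the current 30-second counter, so a skewed local clock produces a code for a different counter than the verifier expects. The function names, the `window` tolerance parameter and the secret (the public RFC 6238 test key) are assumptions chosen for illustration; `window` does not describe any tolerance AWS actually applies.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"strings"
	"time"
)

const step = 30 * time.Second // oathtool's default TOTP time step

// totp returns the 6-digit RFC 6238 code (HMAC-SHA1) for a base32 secret at t.
func totp(secretB32 string, t time.Time) (string, error) {
	enc := base32.StdEncoding.WithPadding(base32.NoPadding)
	key, err := enc.DecodeString(strings.TrimRight(strings.ToUpper(secretB32), "="))
	if err != nil {
		return "", fmt.Errorf("decode secret: %w", err)
	}
	var counter [8]byte
	binary.BigEndian.PutUint64(counter[:], uint64(t.Unix()/int64(step/time.Second)))
	mac := hmac.New(sha1.New, key)
	mac.Write(counter[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation offset (RFC 4226)
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000), nil
}

// skewTolerated reports whether a code generated on a clock that is off by skew
// matches any step a verifier with correct time accepts (hypothetical window).
func skewTolerated(secretB32 string, now time.Time, skew time.Duration, window int) bool {
	local, err := totp(secretB32, now.Add(skew))
	for i := -window; err == nil && i <= window; i++ {
		if want, _ := totp(secretB32, now.Add(time.Duration(i)*step)); want == local {
			return true
		}
	}
	return false
}

func main() {
	secret := "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ" // constructed: RFC 6238 test key, not a real secret
	for _, skew := range []time.Duration{0, step, 3 * step} {
		ok := skewTolerated(secret, time.Unix(59, 0), skew, 1)
		fmt.Printf("skew=%v accepted(window=1)=%v\n", skew, ok)
	}
}
```
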