aws-assume-role-mfa

This setup helps you automatically sign in to a root/security account and then switch role into another account.

Pre-Requisites

aws-cli installed and configured
aws profiles added (as detailed below)
oath-toolkit (brew install oath-toolkit)
your MFA secret stored (as detailed below)

AWS Profiles

Make sure your AWS profiles are set up in ~/.aws/credentials as below:

[myCompany]
aws_access_key_id = XXXXXXXXXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
region=eu-west-2
output=json

[myCompany-dev]
role_arn = arn:aws:iam::111111111111:role/myCompany-dev-admin
source_profile = myCompany

[myCompany-staging]
role_arn = arn:aws:iam::222222222222:role/myCompany-staging-admin
source_profile = myCompany

[myCompany-prod]
role_arn = arn:aws:iam::333333333333:role/myCompany-prod-admin
source_profile = myCompany

MFA secret

To store your MFA secret using oath-toolkit:

  • Add a Virtual MFA token to your AWS account and store its secret key in the macOS keychain:
security add-generic-password -a "myCompany" -s "myCompany" -w "mysecretMFAkey"
  • Fetch an MFA code and fill in "MFA code 1":
oathtool --base32 --totp "$(security find-generic-password -ga "myCompany" 2>&1 >/dev/null | cut -d'"' -f2)"
  • Wait until the next minute, then fetch another MFA code and fill in "MFA code 2":
oathtool --base32 --totp "$(security find-generic-password -ga "myCompany" 2>&1 >/dev/null | cut -d'"' -f2)"

Running the script

source assume_role.sh myCompany-dev

Alias

Add an alias to your environment such as:

alias role='source /path/to/script/assume_role.sh'
role myCompany-dev
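
The script itself is not reproduced on this page. The sketch below is an added example, not the repository's assume_role.sh, of the flow the README describes: resolve the role profile, turn the keychain secret into a TOTP code, call STS with MFA, and export the temporary credentials (which is why the file has to be sourced). The function names profile_get and assume_role, the mfa_serial line in the source profile, and the keychain item being named after the source profile are assumptions.

```shell
# Added sketch, not the repository's assume_role.sh. Source it, then call
# assume_role, so the exports land in your current shell.

# Print KEY from section [PROFILE] of an AWS credentials file.
profile_get() {  # usage: profile_get FILE PROFILE KEY
  awk -F' *= *' -v p="[$2]" -v k="$3" '
    /^\[/ { in_p = ($0 == p); next }
    in_p && $1 == k { print $2; exit }' "$1"
}

assume_role() {  # usage: assume_role PROFILE [CREDENTIALS_FILE]
  ar_file=${2:-$HOME/.aws/credentials}
  ar_arn=$(profile_get "$ar_file" "$1" role_arn)
  ar_src=$(profile_get "$ar_file" "$1" source_profile)
  # Assumption: the MFA device ARN is kept as mfa_serial in the source profile.
  ar_mfa=$(profile_get "$ar_file" "$ar_src" mfa_serial)
  if [ -z "$ar_arn" ] || [ -z "$ar_src" ] || [ -z "$ar_mfa" ]; then
    echo "assume_role: '$1' needs role_arn, source_profile and mfa_serial" >&2
    return 1
  fi
  # Assumption: the keychain item is named after the source profile, as in
  # the add-generic-password step. -w prints only the stored secret.
  ar_code=$(oathtool --base32 --totp \
    "$(security find-generic-password -a "$ar_src" -s "$ar_src" -w)") || return 1
  ar_out=$(aws sts assume-role --profile "$ar_src" --role-arn "$ar_arn" \
    --role-session-name "cli-$1" --serial-number "$ar_mfa" \
    --token-code "$ar_code" --output text \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]') || return 1
  # --output text gives the three values on one tab-separated line.
  read -r ar_id ar_key ar_tok <<EOF
$ar_out
EOF
  [ -n "$ar_tok" ] || { echo "assume_role: unexpected STS output" >&2; return 1; }
  export AWS_ACCESS_KEY_ID="$ar_id" AWS_SECRET_ACCESS_KEY="$ar_key" \
    AWS_SESSION_TOKEN="$ar_tok"
  unset ar_code ar_out ar_id ar_key ar_tok
}
```

The exported variables last only as long as the STS session and the shell that sourced the file; nothing is written back to ~/.aws/credentials.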
