DEV Community

Cover image for Generate AWS Temporary Credential And Add It As A Profile
πŸš€ Vu Dao πŸš€
πŸš€ Vu Dao πŸš€

Posted on

Generate AWS Temporary Credential And Add It As A Profile

#aws #devops #cloudopz #security

Generate AWS Temporary Credential And Add It As A Profile

πŸš€ Beside AWS SSO, we can use auto script to generate temporary credential and add it as [mfa] profile

Ref: https://aws.amazon.com/premiumsupport/knowledge-center/authenticate-mfa-cli/

#!/bin/bash # Generate Temp cred and promote it as a new profile # Run script whenever the session token expired set -e tmp_file=$(mktemp /tmp/temp-cred.XXXXX) aws sts get-session-token --serial-number arn:aws:iam::111111111111:mfa/my.mfa --token-code "$1" > "$tmp_file" sed -i '/\[mfa\]/,/^\s*$/{d}' ~/.aws/credentials cat<<EOF >>~/.aws/credentials [mfa] aws_access_key_id = $(cat ${tmp_file} | jq '.[] | .AccessKeyId' | sed 's/"//g') aws_secret_access_key = $(cat ${tmp_file} | jq '.[] | .SecretAccessKey' | sed 's/"//g') aws_session_token = $(cat ${tmp_file} | jq '.[] | .SessionToken' | sed 's/"//g') EOF rm $tmp_file
Enter fullscreen mode Exit fullscreen mode

πŸš€ Test 

⚑ $ ./short-term-cred.sh 1234 ⚑ $ cat ~/.aws/credentials [default] aws_access_key_id = example-access-key aws_secret_access_key = example-secret-access [mfa] aws_access_key_id = example-access-key-as-in-returned-output aws_secret_access_key = example-secret-access-key-as-in-returned-output aws_session_token = example-session-Token-as-in-returned-output
Enter fullscreen mode Exit fullscreen mode 
⚑ $ aws elbv2 describe-target-groups --region ap-northeast-1 --profile mfa | grep TargetGroupArn | wc -l 35
Enter fullscreen mode Exit fullscreen mode

🌠 Blog · Github · Web · Linkedin · Group · Page · Twitter 🌠

Top comments (0)