Skip to content

Create temporary credentials for MFA users on AWS

License

Notifications You must be signed in to change notification settings

craftyc0der/aws-mfa-session

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

95 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

aws-mfa-session

build status codecov crates.io

A command line utility to generate temporary AWS credentials with virtual MFA device. Credentials could be exported into new shell or inserted into aws credentials file.

Features

  • support only virtual MFA devices (current limitation of API)
  • select any profile from credential file
  • detect MFA device from user profile
  • generate temporary credentials (using sts)
  • update profile in the credential file with generated credentials

Release page distributions

Github Release page provides binaries for:

  • Windows
  • Linux
  • macOS

Examples

Generate session credentials with default profile, and print the credentials as exported environment variables

aws-mfa-session --code 123456 -e

Could be used to inject variables into the current shell

eval $(aws-mfa-session -c 464899 -e)

Generate session credentials with default profile and MFA arn:

aws-mfa-session --arn arn:aws:iam::012345678910:mfa/username --code 123456 -e

Generate session credentials with default profile and non-default region:

aws-mfa-session --region us-east2 --code 123456 -e

Generate session credentials with default profile, and run a new shell with new shell with exported environment variables

aws-mfa-session --code 123456 -s

Generate session credentials with default profile, and create or update a new profile:

aws-mfa-session --update-profile mfa-session --code 123456

Generate session credentials with defined profile, and create or update a new profile:

aws-mfa-session --profile dev --update-profile mfa-session --code 123456

Generate session credentials with defined profile and non-default credential file, and create or update a new profile:

aws-mfa-session --credentials-file .aws/credentials2 --profile dev --update-profile mfa-session --code 123456

Assume a role, generate the MFA token:

aws-mfa-session --profile prod --update-profile default --arn arn:aws:iam::***:mfa/***  --secret *MFA_SECRET* --region us-east-1 --rolearn arn:aws:iam::***:role/***

How to build and install

Requirements: rust and cargo

# Build
cargo build --release

# Install from local source
cargo install

# Install latest from git
cargo install --git https://github.com/crafty0coder/aws-mfa-session

# Install from crate package
cargo install aws-mfa-session

About

Create temporary credentials for MFA users on AWS

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Rust 100.0%