-
Notifications
You must be signed in to change notification settings - Fork 168
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add the ability to assume a role without entering MFA #22
base: master
Are you sure you want to change the base?
Conversation
…ve already set short-term credentials using MFA
Hi there. You should already be able to accomplish this...from the docs... This allows you to access multiple environments without the need to run aws-mfa each time you want to switch environments. If you don't like the a long term suffix, you can omit it by passing the value none for the --long-term-suffix command line argument. After running aws-mfa once for each environment with a different value for --short-term-suffix, your credentials file would read:
Notice the statement |
Hi @broamski This all makes sense, however I'm trying to eliminate the need to key in my MFA token more than once per 12 hours. I have an IAM user who must be authenticated with MFA. Once they're authenticated with MFA, and I have a short-term credential for them, I'd like to create another short-term credential with an assumed role, but I'd like to use the first short-term credential without keying in the MFA token again. For example the
When I look at the code it always prompts the user to enter their MFA token code, even when the role can be assumed without the I hope I'm making sense and not missing anything obvious! Thanks! |
@broamski I'm realizing I'm ignoring the |
@broamski Any thoughts on this? Thanks! |
Any changes that this will get merged? I'll need this feature as well. |
@maafk Wow! Thank you! |
This project is great!
This PR attempts to address a use case I have on a daily basis.
We have an Identity AWS account where we have IAM users, then multiple accounts with roles we can assume. In the Identity account, we must be authenticated with MFA in order to assume roles.
Once I'm authenticated with MFA (
get_session_token
), I'd like the option to seamlessly assume roles in other accounts without having to key in my MFA code each time, so I want to pass the short-term credentials to the boto3 client.