Skip to content
/ awsmfa Public
forked from vividbytes/awsmfa

A cli utility for using 2-factor authentication with AWS CLI

1 star 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

notbrain/awsmfa

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
bin
bin
 
 
.gitignore
.gitignore
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
readme.md
readme.md
 
 

Repository files navigation

Installation

npm i -g @notbrain/awsmfa (COMING SOON)

git clone --depth 1 https://github.com/notbrain/awsmfa
cd awsmfa
npm i -g

Requirements

Your aws credentials should be located at ~/.aws/credentials and the file should look something like the one below. You can't have a [default] profile because that will be overwritten by this program. mfa_arn is the arn of the mfa device that you've registered with a particular IAM user.

[profile-1]
aws_access_key_id = AKLFJEIFJAELSEKFJASDLKFJ
aws_secret_access_key = lsafjio3jlk2j4kl2j4j23lk4j23kl4j12
mfa_arn = arn:aws:iam::lsfaiselfjlaskjkda:mfa/profile-1

[profile-2]
aws_access_key_id = LAKSJLAFEIFJALJKFKSDJF
aws_secret_access_key = aeijei02jfeji2j0fijijf20ijflvklkl
mfa_arn = arn:aws:iam::lsfaiselfjlaskjkda:mfa/profile-2

Usage

After installation you should have access to the awsmfa command. The first argument is the profile you want to use and the second argument is the MFA token.

Example

awsmfa profile-1 382973

The commmand adds a [default] profile to your credentials file with a session-token. The session is valid for 24 hours. The credentials file would now look something like this.

[profile-1]
aws_access_key_id = AKLFJEIFJAELSEKFJASDLKFJ
aws_secret_access_key = lsafjio3jlk2j4kl2j4j23lk4j23kl4j12
mfa_arn = arn:aws:iam::lsfaiselfjlaskjkda:mfa/profile-1

[profile-2]
aws_access_key_id = LAKSJLAFEIFJALJKFKSDJF
aws_secret_access_key = aeijei02jfeji2j0fijijf20ijflvklkl
mfa_arn = arn:aws:iam::lsfaiselfjlaskjkda:mfa/profile-2

[default]
aws_access_key_id = ASIAIORDHLIN536UOYLQ
aws_secret_access_key = hc5mLgs8mFP5KVN5js+nHdTJqkkxLRSiCJeMP0kR
aws_session_token = FQoDYXdzENj//////////wEaDBSRyXR9SFAmXO/r/yKwAVDM2JNEGzIT4xAcFWRjOviFWZvKsTr6IXi2gXwvRnGIHHYDLwp89m0CsKMmsR+olGfnUJCd8LoD9M5ckCPIZcu5tsSNibR/wVJV4Rnnhksw+ZXKs8vCzN28/0EWCKPorIBFyvb6TWHyEx6mko2YeZNrS+dJfG3j4Ss5M1jGo9x1tmavp4HW4dtVnqKwh0cJYnpJ6zur6XMIG9jlRsp+1LWg/cQrwVdHiPrN8Lca8PX2KLCr+dUF

Now, when you use the AWS CLI, it defaults to using the session you last started. If you think what this package offers is too simplistic and you want more control, check out broamski/aws-mfa.

Shell Variable Export Option

If you set AWSMFA_CACHE_ENABLED=true, awsmfa will create a file named whatever the value of AWSMFA_TIMEOUT_FILE is. For example if you set:

AWSMFA_CACHE_ENABLED=true|false
AWSMFA_TIMEOUT_FILE="$HOME/.awsmfa/timeout"

The file $HOME/.awsmfa/timeout will contain

export AWSMFA_EXPIRE_EPOCH=<epoch_of_expiration>
export AWSMFA_PROFILE=<profile_name>

which can be used to calculate the expiration time and current profile active for use in custom shell prompts.

About

A cli utility for using 2-factor authentication with AWS CLI

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 100.0%