-
Notifications
You must be signed in to change notification settings - Fork 1
/
awsmfa.tmpl
27 lines (24 loc) · 1 KB
/
awsmfa.tmpl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#!/usr/bin/env bash
set -euo pipefail
DURATION_SEC=${1:-1800}
read -p "MFA Token: " token
RES=($(aws sts get-session-token \
--profile refresh-awsmfa-token \
--serial-number arn:aws:iam::__AWS_ACCOUNT_ID__:mfa/__AWS_IAM_USER__ \
--token-code $token \
--duration-seconds $DURATION_SEC \
--query '[Credentials.AccessKeyId, Credentials.SecretAccessKey, Credentials.SessionToken]' \
--output text))
[ $? -ne 0 ] && exit 1
# awsmfaが書いたセクションを削除
touch ~/.aws/credentials.awsmfa
chmod 0600 ~/.aws/credentials.awsmfa
awk '/^# awsmfa begin/,/^# awsmfa end/ {next}1' ~/.aws/credentials > ~/.aws/credentials.awsmfa
mv ~/.aws/credentials{.awsmfa,}
echo "# awsmfa begin" >> ~/.aws/credentials
echo "[__AWS_PROFILE_NAME__]" >> ~/.aws/credentials
echo "aws_access_key_id = ${RES[0]}" >> ~/.aws/credentials
echo "aws_secret_access_key = ${RES[1]}" >> ~/.aws/credentials
echo "aws_session_token = ${RES[2]}" >> ~/.aws/credentials
echo "# awsmfa end" >> ~/.aws/credentials
echo '~/.aws/credentials updated'