aws-mfa
prepares the environment for commands that interact with AWS. It uses AWS STS to get temporary credentials. This is necessary if you have MFA enabled on your account. The variables it sets are
- AWS_SECRET_ACCESS_KEY
- AWS_ACCESS_KEY_ID
- AWS_SESSION_TOKEN
- AWS_SECURITY_TOKEN
aws-mfa
is available via Rubygems. To install it you can run gem install aws-mfa
.
Before using aws-mfa
, you must have the AWS CLI installed (through whatever method you choose) and configured (through aws configure
).
The very first time you run aws-mfa
it will fetch the ARN for your MFA device and ask you to confirm it. Next, it will prompt you for the 6-digit code from your MFA device. For the next 12 hours, aws-mfa
will not prompt you for anything. After 12 hours, your temporary credentials expire, so aws-mfa
will prompt you for the 6-digit code again.
By default aws-mfa
will use the default profile from aws cli, to specify a different profile to use simply use the --profile
parameter like you normally would with the aws cli
There are two ways you can use aws-mfa
:
The first is to use it to alter the environment of your current shell. To do this, run eval $(aws-mfa)
. Now any command that uses the standard AWS environment variables should work.
The second is to use it to alter the environment of a single invocation of a program. aws-mfa
tries to execute its arguments. aws-mfa aws
would run the aws cli, aws-mfa kitchen
would run test-kitchen, and so on. You can safely setup an alias with alias aws=aws-mfa aws
. With the alias, if you had set up autcompletion for aws
it will still work.