https://github.com/vandot/awstoken
Bash wrapper around awscli for easy temporary security credential generation for AWS API
https://github.com/vandot/awstoken
aws-cli get-session-token mfa sts
Last synced: about 2 months ago
JSON representation
Bash wrapper around awscli for easy temporary security credential generation for AWS API
- Host: GitHub
- URL: https://github.com/vandot/awstoken
- Owner: vandot
- License: bsd-3-clause
- Created: 2018-04-11T00:29:36.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2019-11-11T21:48:02.000Z (over 6 years ago)
- Last Synced: 2025-03-01T16:23:20.801Z (over 1 year ago)
- Topics: aws-cli, get-session-token, mfa, sts
- Language: Shell
- Size: 17.6 KB
- Stars: 3
- Watchers: 2
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
Awstoken is a bash wrapper around awscli for easy temporary security credential generation for AWS API.
More about AWS temporary security credential [here](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
Main purpose is to be able easily to force MFA for all users even for API access.
More about forcing MFA [here](https://www.trek10.com/blog/improving-the-aws-force-mfa-policy-for-IAM-users/).
Now developers AWS_KEY will never be introduced into production :)
## Requirements
1. [awscli](https://aws.amazon.com/cli/) - `pip install awscli`
## Install
- download **.awstoken** into your $HOME folder
- source **.awstoken** into your bash/zsh/ksh env `. ~/.awstoken`
Easy way to install is with this command, it will download **.awstoken** into your $HOME folder and add `. ~/.awstoken` at the bottom of your **rcfile**
`curl -s https://raw.githubusercontent.com/vandot/awstoken/master/install.sh | $SHELL`
## Usage
- Basic usage `awstoken -u user -t 123456 -a 012345678910`
- You can specify different aws profiles defined inside `~/.aws/credentials` using **-p**
- For help `awstoken -h`
## Power usage
You can put user and account variables inside profile block in `~/.aws/credentials`, awscli just skips those values so credential file is still valid.
```
[default]
aws_access_key_id = AWSACCESSKEY
aws_secret_access_key = AWSSECRETACCESSKEY
user = username
account = 012345678910
```
## Insecure mode
You can choose to save your temporary credentials so you can reuse them in other shell.
To enable it you can manualy change `INSECURE` to `true` in `~/.awstoken` or install it with `insecure` option
`curl -s https://raw.githubusercontent.com/vandot/awstoken/master/install.sh | $SHELL -s -- insecure`
To load temp credentials in other shell run command with selected profile
`awstoken -p profile`
## How it works
After obtaining temporary security credentials using `sts get-session-token` sets and exports
- *AWS_ACCESS_KEY_ID*
- *AWS_SECRET_ACCESS_KEY*
- *AWS_SESSION_TOKEN*
## License
Unless otherwise noted, the awstoken source files and binaries are distributed under the BSD-style license found in the LICENSE file.