Create temporary credentials in your MFA-enabled IAM account.
If you are using a Mac, you can use brew.
$ brew tap naomichi-y/aws-assume-role
$ brew install naomichi-y/aws-assume-role/aws-assume-roleIf the Go command is available.
$ go install github.com/naomichi-y/aws-assume-role@latestDefine MFA enabled accounts in the profile.
~/.aws/credentials
[test]
aws_access_key_id = ***
aws_secret_access_key= ***
mfa_serial=(arn-of-the-mfa-device)
duration_seconds=3600
Temporary credentials can be created by running the aws-assume-role command and specifying an MFA profile and token.
$ aws-assume-role
AWS profile [default]: test
Token code: ***
Access key ID: ***
Successfully updated test-assume profile. [~/.aws/credentials]Temporary credentials are written to a credential file in the format {PROFILE}-assume.
$ cat ~/.aws/credentials
[test-assume]
aws_access_key_id = ***
aws_secret_access_key = ***
aws_session_token = ***You need to add region settings in config.
$ cat ~/.aws/config
[test-assume]
region=(region)
output=jsonYou can execute AWS commands via Assume role.
$ aws --profile test-assume sts get-caller-identity
{
"UserId": "***,
"Account": "***",
"Arn": "***"
}