AWS 임시 자격 증명을 생성하고 프로필로 추가

🚀 AWS SSO 외에도 자동 스크립트를 사용하여 임시 자격 증명을 생성하고 [mfa] 프로필로 추가할 수 있습니다.



참조: https://aws.amazon.com/premiumsupport/knowledge-center/authenticate-mfa-cli/

#!/bin/bash
# Generate Temp cred and promote it as a new profile
# Run script whenever the session token expired
set -e

tmp_file=$(mktemp /tmp/temp-cred.XXXXX)
aws sts get-session-token --serial-number arn:aws:iam::111111111111:mfa/my.mfa --token-code "$1" > "$tmp_file"

sed -i '/\[mfa\]/,/^\s*$/{d}' ~/.aws/credentials

cat<<EOF >>~/.aws/credentials
[mfa]
aws_access_key_id = $(cat ${tmp_file} | jq '.[] | .AccessKeyId' | sed 's/"//g')
aws_secret_access_key = $(cat ${tmp_file} | jq '.[] | .SecretAccessKey' | sed 's/"//g')
aws_session_token = $(cat ${tmp_file} | jq '.[] | .SessionToken' | sed 's/"//g')
EOF

rm $tmp_file


🚀 테스트




⚡ $ ./short-term-cred.sh 1234

⚡ $ cat ~/.aws/credentials
[default]
aws_access_key_id = example-access-key
aws_secret_access_key = example-secret-access


[mfa]
aws_access_key_id = example-access-key-as-in-returned-output
aws_secret_access_key = example-secret-access-key-as-in-returned-output
aws_session_token = example-session-Token-as-in-returned-output



⚡ $ aws elbv2 describe-target-groups --region ap-northeast-1 --profile mfa | grep TargetGroupArn | wc -l 
35



· Github · 편물 · · · 페이지 ·

좋은 웹페이지 즐겨찾기