
Authenticating with MFA when you run any AWS CLI commands as switched IAM roles
This post is an introduction to the awesome tool, swrole.
2020.04.06
The situation is as follows:
- you have an IAM user on account A
- you have an IAM role on account B
- Switching roles from account A requires MFA
Getting Started
Installing
brew tap tilfin/aws
brew install swrole
Configuring Profiles
Configure your profiles in ~/.aws/credentials as follows.
[default]
aws_access_key_id=XXXXXXXXXXXXXXX
aws_secret_access_key=YYYYYYYYYYYYYYYYYYYYYYYYYYYY
[accountB]
source_profile = default
role_arn = arn:aws:iam::xxxxxxxxxxxx:role/cm-takagi.kensuke
mfa_serial = arn:aws:iam::yyyyyyyyyyyy:mfa/cm-takagi.kensuke
Usage
swrole accountB
Then, type the temporary token generated by your MFA device (virtual or hardware).
If authentication succeeds, you are dropped into a new bash process. Now you can run any commands that require MFA authentication.
yarn cdk diff
yarn cdk deploy
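A manual equivalent of an MFA-backed role switch using only the AWS CLI, to show what ends up in the new shell's environment. This is an added example, not part of the original post and not swrole's own code; the function names and `sw_` variables are hypothetical, and it assumes the accountB profile layout shown above.

```shell
#!/bin/sh
# Added example: the function and variable names are hypothetical.

# Read one setting (role_arn, mfa_serial, source_profile) from a named profile.
profile_get() {
    aws configure get "$2" --profile "$1"
}

# Call STS AssumeRole with an MFA code and export the temporary credentials.
# $1 = profile name (e.g. accountB), $2 = six-digit code from the MFA device
assume_role_with_mfa() {
    sw_profile=$1
    sw_token=$2
    # Reject malformed codes locally instead of sending them to STS.
    case $sw_token in
        [0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "MFA code must be six digits" >&2; return 2 ;;
    esac
    sw_role=$(profile_get "$sw_profile" role_arn) || return 1
    sw_mfa=$(profile_get "$sw_profile" mfa_serial) || return 1
    sw_source=$(profile_get "$sw_profile" source_profile) || return 1

    # Sign the request with the long-lived keys of the source profile (account A);
    # the role in account B only sees the resulting temporary credentials.
    sw_out=$(aws sts assume-role \
        --profile "$sw_source" \
        --role-arn "$sw_role" \
        --role-session-name "manual-$sw_profile" \
        --serial-number "$sw_mfa" \
        --token-code "$sw_token" \
        --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
        --output text) || return 1

    # --output text yields one tab-separated line: key id, secret, session token.
    read -r sw_key sw_secret sw_session <<EOF
$sw_out
EOF
    [ -n "$sw_session" ] || { echo "no session token returned" >&2; return 1; }
    export AWS_ACCESS_KEY_ID="$sw_key"
    export AWS_SECRET_ACCESS_KEY="$sw_secret"
    export AWS_SESSION_TOKEN="$sw_session"
}
```

After `assume_role_with_mfa accountB 123456`, tools started from the same shell pick up the three exported variables; the credentials expire (one hour by default for AssumeRole), after which the call has to be repeated with a fresh code.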
Thank you for creating this great tool, tilfin!!