Authenticating with MFA when you run any AWS CLI commands as switched IAM roles

This post is an introduction for the awesome tool, swrole.
2020.04.06

This post is an introduction for the awesome tool, swrole.

The situation is below.

  • you have an IAM user on account A
  • you have an IAM role on account B
  • Switching roles from account A requires MFA

Getting Started

Installing

brew tap tilfin/aws
brew install swrole

Configuring Profiles

Configure your profiles in your ~/.aws/credentials like followings.

[default]
aws_access_key_id=XXXXXXXXXXXXXXX
aws_secret_access_key=YYYYYYYYYYYYYYYYYYYYYYYYYYYY

[accountB]
source_profile = default
role_arn = arn:aws:iam::xxxxxxxxxxxx:role/cm-takagi.kensuke
mfa_serial = arn:aws:iam::yyyyyyyyyyyy:mfa/cm-takagi.kensuke

Usage

swrole accountB

Then, type your temporary token generated by your (virtual)? device.

You are on a new bash process, if authentication is succeeded. Now, you can any commands requires auth with MFA.

yarn cdk diff
yarn cdk deploy

Thank you to create the great tool, tilfin!!