Authenticating with MFA when you run any AWS CLI commands as switched IAM roles

This post introduces an awesome tool, swrole.
2020.04.06


The situation is as follows:

  • You have an IAM user in account A
  • You have an IAM role in account B
  • Switching roles from account A requires MFA

Getting Started

Installing

brew tap tilfin/aws
brew install swrole

Configuring Profiles

Configure your profiles in ~/.aws/credentials as follows.

[default]
aws_access_key_id=XXXXXXXXXXXXXXX
aws_secret_access_key=YYYYYYYYYYYYYYYYYYYYYYYYYYYY

[accountB]
source_profile = default
role_arn = arn:aws:iam::xxxxxxxxxxxx:role/cm-takagi.kensuke
mfa_serial = arn:aws:iam::yyyyyyyyyyyy:mfa/cm-takagi.kensuke

Usage

swrole accountB

Then enter the temporary token generated by your (virtual) MFA device.

If authentication succeeds, you are placed in a new bash process. From there you can run any commands that require MFA-authenticated credentials.

yarn cdk diff
yarn cdk deploy
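
For reference, the role switch described by the accountB profile can be reproduced with the AWS CLI alone. This is an added example, not swrole's own code and not part of the original post: it reads role_arn and mfa_serial from the profile, calls aws sts assume-role with the MFA code, and prints export lines for the temporary credentials. The function names and the "mfa-" session-name prefix are assumptions.

```shell
#!/bin/sh
# Added example: manual equivalent of an MFA-protected role switch.
# Function names and the session-name prefix are assumptions for illustration.

# Print the value of KEY in section [PROFILE] of an AWS credentials-style file.
profile_get() {  # usage: profile_get FILE PROFILE KEY
  awk -v sect="[$2]" -v key="$3" '
    /^\[/ { in_sect = ($0 == sect); next }
    in_sect && index($0, "=") {
      k = substr($0, 1, index($0, "=") - 1)
      v = substr($0, index($0, "=") + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k)
      gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) { print v; exit }
    }' "$1"
}

# Call sts:AssumeRole with the profile's MFA device and print export lines for
# the temporary credentials. The body is a subshell, so no variable leaks out.
assume_with_mfa() (  # usage: assume_with_mfa FILE PROFILE TOKEN_CODE
  file=$1 profile=$2 code=$3
  role=$(profile_get "$file" "$profile" role_arn)
  serial=$(profile_get "$file" "$profile" mfa_serial)
  src=$(profile_get "$file" "$profile" source_profile)
  if [ -z "$role" ] || [ -z "$serial" ]; then
    echo "profile '$profile' needs role_arn and mfa_serial" >&2; exit 1
  fi
  case $code in   # STS token codes are exactly six digits
    [0-9][0-9][0-9][0-9][0-9][0-9]) ;;
    *) echo "token code must be six digits" >&2; exit 1 ;;
  esac
  creds=$(AWS_SHARED_CREDENTIALS_FILE="$file" aws sts assume-role \
    --profile "${src:-default}" \
    --role-arn "$role" --role-session-name "mfa-$profile" \
    --serial-number "$serial" --token-code "$code" \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
    --output text) || exit 1
  printf '%s\n' "$creds" | {
    read -r key secret session
    [ -n "$session" ] || exit 1   # refuse partial or empty responses
    printf "export AWS_ACCESS_KEY_ID='%s'\n" "$key"
    printf "export AWS_SECRET_ACCESS_KEY='%s'\n" "$secret"
    printf "export AWS_SESSION_TOKEN='%s'\n" "$session"
  }
)
# Usage: eval "$(assume_with_mfa ~/.aws/credentials accountB 123456)"
```

The exported credentials are temporary and live only in the current shell's environment, so they disappear when the shell exits or the session expires.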

Thank you, tilfin, for creating this great tool!