我想~/.aws/credentials文件中设置我的MFA配置文件凭据(即AceessKeyId,SecrectAccessKey,SessionToken(。有没有 shell 命令来做这件事?
例如:如果我执行aws configure set default.aws_secret_access_key 'myaccesskey'那么凭据文件将使用此给定的访问密钥进行更新。
但是,如果我使用aws configure set mfa.aws_secret_access_key 'myaccesskey'键入相同的命令,它不会在凭据文件中更新~/.aws/config而是文件将使用如下所示的格式进行更新。
mfa =
aws_secret_access_key = myaccesskey
我的目标是,~/.aws/credentials文件应该在MFA配置文件下更新。喜欢
[default]
aws_secret_access_key = ****
****** = ******
[mfa]
aws_secret_access_key = myaccesskey
aws_accesskeyid = *****
aws_sessionToken = ****
region = ****
您可以使用--profile参数将配置文件传递给aws configure命令。
aws configure set aws_secret_access_key 'myaccesskey' --profile mfa
参考:
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
我使用这个aws-mfa项目。 对于这种事情,这是一个超级简单的python项目。
使用示例:
使用命令行参数:
aws-mfa --duration 1800 --device arn:aws:iam::123456788990:mfa/dudeman
INFO - Using profile: default
INFO - Your credentials have expired, renewing.
Enter AWS MFA code for device [arn:aws:iam::123456788990:mfa/dudeman] (renewing for 1800 seconds):123456
INFO - Success! Your credentials will expire in 1800 seconds at: 2015-12-21 23:07:09+00:00
使用配置文件:(配置文件允许您引用不同的凭据集,可能针对不同的用户或不同的区域(:
aws-mfa --duration 1800 --device arn:aws:iam::123456788990:mfa/dudeman --profile development
INFO - Using profile: development
Enter AWS MFA code for device [arn:aws:iam::123456788990:mfa/dudeman] (renewing for 1800 seconds):666666
INFO - Success! Your credentials will expire in 1800 seconds at: 2015-12-21 23:09:04+00:00
担任角色:
aws-mfa --duration 1800 --device arn:aws:iam::123456788990:mfa/dudeman --assume-role arn:aws:iam::123456788990:role/some-role --role-session-name some-role-session
INFO - Validating credentials for profile: default with assumed role arn:aws:iam::123456788990:role/some-role
INFO - Obtaining credentials for a new role or profile.
Enter AWS MFA code for device [arn:aws:iam::123456788990:mfa/dudeman] (renewing for 1800 seconds):123456
INFO - Success! Your credentials will expire in 1800 seconds at: 2016-10-24 18:58:17+00:00