If you have set up the Multi-factor Authentication for your AWS account in order to use AWS CLI with this account you'll need to use Authenticator app to generate temporary credentials. Our AWS MFA CLI does that for you and creates a new temporary account within ~/.aws/credentials file.
npm install -g aws-mfa-cliRequirements: Node.js v20+
# Basic usage with CLI options
mfa --profile mfa-profile --account 123456789012 --user john.doe
# With custom duration (1 hour)
mfa -p dev-mfa -a 123456789012 -u john.doe -d 3600You can also set up environment variables instead of passing CLI options every time:
- Create a
.envfile in your project directory or set environment variables:
TOKEN_PROFILE_NAME=mfa-profile
ACCOUNT_NUMBER=123456789012
ACCOUNT_NAME=your.username
MAIN_PROFILE_NAME=default
TOKEN_TTL=43200- Run the command:
mfa--profile, -p- AWS profile name to update (default: from TOKEN_PROFILE_NAME env var)--account, -a- AWS account number (default: from ACCOUNT_NUMBER env var)--user, -u- MFA device user name (default: from ACCOUNT_NAME env var)--source, -s- Source profile name (default: from MAIN_PROFILE_NAME env var or 'default')--duration, -d- Token duration in seconds (default: from TOKEN_TTL env var or 43200)
TOKEN_PROFILE_NAME- The name of the new temporary profile (e.g.,mfa)MAIN_PROFILE_NAME- The name of your main AWS profile. More details on the initial AWS CLI configuration hereACCOUNT_NUMBER- Your main AWS account ID. How to find your AWS IDACCOUNT_NAME- Your IAM User name. To find it use this instruction, but instead look forIAM Userin a dropdownTOKEN_TTL- Defines for how many seconds the temporary account is valid. Max value is129600seconds (36 hours)
- Run the command with either CLI options or environment variables
- Input an MFA token from your authenticator app when prompted
- Press enter and wait for the app to finish
- Done! You can use your newly generated AWS profile within the specified duration
We'll be happy to help if you have any issues or suggestions. PRs are welcome!