Awstoken is a bash wrapper around awscli for easy temporary security credential generation for AWS API.
More about AWS temporary security credentials here.
The main purpose is to make it easy to force MFA for all users, even for API access. More about forcing MFA here. Now a developer's AWS_KEY will never be introduced into production :)
- awscli - pip install awscli
- download .awstoken into your $HOME folder
- source .awstoken into your bash/zsh/ksh env: . ~/.awstoken
The easy way to install is with this command, which downloads .awstoken into your $HOME folder and adds . ~/.awstoken at the bottom of your rcfile:
curl -s https://raw.githubusercontent.com/vandot/awstoken/master/install.sh | $SHELL
- Basic usage
awstoken -u user -t 123456 -a 012345678910
- You can specify different aws profiles defined inside ~/.aws/credentials using -p
- For help
awstoken -h
You can put user and account variables inside a profile block in ~/.aws/credentials; awscli just skips those values, so the credentials file is still valid.
[default]
aws_access_key_id = AWSACCESSKEY
aws_secret_access_key = AWSSECRETACCESSKEY
user = username
account = 012345678910
You can choose to save your temporary credentials so you can reuse them in another shell.
To enable this, you can manually change INSECURE to true in ~/.awstoken or install it with the insecure option:
curl -s https://raw.githubusercontent.com/vandot/awstoken/master/install.sh | $SHELL -s -- insecure
To load temp credentials in another shell, run the command with the selected profile:
awstoken -p profile
After obtaining temporary security credentials using sts get-session-token, awstoken sets and exports:
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_SESSION_TOKEN
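
The flow described above, as an added sketch that is not awstoken's own code: validate the inputs, call sts get-session-token with the MFA device and code, and export the three variables. The function names are hypothetical, and the MFA serial format assumes a virtual MFA device named after the IAM user.

```shell
# Added example, not awstoken's source; function names are hypothetical.

# Build the MFA device ARN. Assumption: a virtual MFA device named after the user.
mfa_serial() {  # usage: mfa_serial ACCOUNT USER
    if [ "${#1}" -ne 12 ] || [ -n "$(printf '%s' "$1" | tr -d '0-9')" ]; then
        echo "account id must be 12 digits" >&2
        return 1
    fi
    printf 'arn:aws:iam::%s:mfa/%s\n' "$1" "$2"
}

# Export the three variables from one tab-separated line of STS output:
# AccessKeyId <TAB> SecretAccessKey <TAB> SessionToken
export_session_creds() {
    tab=$(printf '\t')
    IFS=$tab read -r key secret token <<EOF
$1
EOF
    if [ -z "$key" ] || [ -z "$secret" ] || [ -z "$token" ]; then
        echo "incomplete credentials in STS output" >&2
        return 1
    fi
    export AWS_ACCESS_KEY_ID="$key"
    export AWS_SECRET_ACCESS_KEY="$secret"
    export AWS_SESSION_TOKEN="$token"
    unset key secret token tab
}

# Request MFA-backed temporary credentials and load them into this shell.
get_session() {  # usage: get_session USER ACCOUNT TOKEN_CODE [PROFILE]
    case "$3" in
        [0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "MFA code must be 6 digits" >&2; return 1 ;;
    esac
    serial=$(mfa_serial "$2" "$1") || return 1
    out=$(aws sts get-session-token \
        --profile "${4:-default}" \
        --serial-number "$serial" --token-code "$3" \
        --output text \
        --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]') || return 1
    export_session_creds "$out"
}
```

Because the variables are exported by a shell function, the file defining it has to be sourced into the current shell rather than executed, the same way . ~/.awstoken is loaded above.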
Unless otherwise noted, the awstoken source files and binaries are distributed under the BSD-style license found in the LICENSE file.