aws-mfa (mfa.py)
Prerequisites
This script is built on Python 3.12.3 and the latest pip version.
- The user must have an MFA device assigned to their IAM user profile.
- The user must have awscli installed on their local machine.
- The user must have a valid access key and secret key assigned to their IAM user profile.
- The user must have basic info in the ~/.aws/credentials and ~/.aws/config files.
If the user needs to access resources in multiple regions, they must change a setting in their AWS account to get STS global endpoint access. To do so, follow the steps below.
1. Log in to the AWS console with your user credentials.
2. Go to the IAM service.
3. Click on "Account Settings" in the left side menu.
4. Change the Global Endpoint setting to "Valid in all AWS Regions".
5. Save changes.
6. The user can now access resources in multiple regions with temporary credentials.
The following libraries must be pre-installed via pip before running this command:
- boto3==1.38.28
- botocore==1.38.28
- pytz==2025.2
Info steps:
This tool is a Python script that lets an AWS IAM user connect to EC2 instance nodes with temporary API keys, which are created only if MFA is set on the user's IAM profile. The script reads the available details from ~/.aws/credentials and ~/.aws/config on the local machine and asks for input based on the details it finds.
The current info in the AWS config and credentials files contains only the basic information required by awscli.

When the script is run with `python3 mfa.py`, it analyses the current info in the local files and asks for input accordingly.
Once all correct input is provided, the script saves the temporary credentials in the credentials file and the mfa_serial in the config file, where they can be checked.
Original credentials are stored in [{profile}::source-profile] and temporary credentials are stored in [{profile}].

When the temporary credentials have expired and the user wants to generate new ones, just run the script again with `python3 mfa.py`. The script will automatically replace the old credentials with the new ones.
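The section layout described above can be sketched as follows. This is an added example, not code from mfa.py: the function names are hypothetical, and `sts_creds` is assumed to be the `Credentials` dict that boto3's `get_session_token` returns. It also writes the file with owner-only permissions, since it holds both the long-term and the temporary secrets.

```python
import configparser
import os
import tempfile

SUFFIX = "::source-profile"  # section naming described in the README
LONG_TERM = ("aws_access_key_id", "aws_secret_access_key")


def load(path):
    # interpolation=None: secrets may contain '%' and must be read verbatim
    cp = configparser.ConfigParser(interpolation=None)
    cp.read(path)
    return cp


def long_term_keys(path, profile):
    """Keys that must sign the STS call: the saved originals if present.

    Temporary credentials from GetSessionToken cannot request a new
    session token, so a re-run has to read [profile::source-profile].
    """
    cp = load(path)
    section = profile + SUFFIX if cp.has_section(profile + SUFFIX) else profile
    return {k: cp.get(section, k) for k in LONG_TERM}


def rotate(path, profile, sts_creds):
    """Write temporary credentials to [profile], keeping originals aside."""
    cp = load(path)
    source = profile + SUFFIX
    if not cp.has_section(source):
        # First run: [profile] still holds the long-term keys; copy them out.
        cp.add_section(source)
        for k in LONG_TERM:
            cp.set(source, k, cp.get(profile, k))
    # Replace [profile] wholesale so no stale session token survives.
    cp.remove_section(profile)
    cp.add_section(profile)
    cp.set(profile, "aws_access_key_id", sts_creds["AccessKeyId"])
    cp.set(profile, "aws_secret_access_key", sts_creds["SecretAccessKey"])
    cp.set(profile, "aws_session_token", sts_creds["SessionToken"])
    # Write a 0600 temp file and rename it into place: the secrets are never
    # world-readable and a crash cannot leave a half-written file behind.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as fh:
        cp.write(fh)
    os.chmod(tmp, 0o600)
    os.replace(tmp, path)
```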

(Optional) Once the above steps are complete, the user can also pass values as arguments the next time they generate session tokens.
python3 mfa.py --profile --region --duration --mfa-code
Note: Run this script from the directory where it is located, or give the full path to the script.
Info: Refer to the Official-docs
