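#!/bin/bash
#
# Request temporary AWS credentials from STS for an MFA-protected IAM user
# and print them as "NAME: value" lines on stdout.
#
# Usage: aws_tmp_credentials.sh <mfa-device-id> <duration-seconds> <token-code>
#
#   mfa-device-id     Serial number of a hardware device (such as GAHT12345678)
#                     or the ARN of a virtual device
#                     (such as arn:aws:iam::123456789012:mfa/user).
#   duration-seconds  Lifetime of the credentials; values below 900 are raised
#                     to 900. The upper bound is left for STS to enforce.
#   token-code        The current value shown by the MFA device.
#
# Requires the aws CLI, jq and awk on PATH.
#
# Security notes:
#   - The secret access key and session token are printed in clear text.
#     Keep this output out of CI logs, shared terminals and files with loose
#     permissions.
#   - The MFA code is a command-line argument, so it can show up in the
#     process list and in shell history. It is short-lived, but prefer not to
#     run this on multi-user hosts.
#   - Avoid running under `bash -x`; the trace would echo the same arguments.

# Without pipefail the pipeline status is jq's, so a failed STS call would
# look like success and the "remain valid" line would be printed anyway.
set -o pipefail

if [ -z "$1" ]; then
  echo "MFA device argument not supplied" >&2
  exit 1
fi
MFA_DEVICE_ID=$1

if [ -z "$2" ]; then
  echo "Duration argument not supplied" >&2
  exit 1
fi
DURATION=$2 # The duration, in seconds, that the credentials should remain valid

# Accept digits only: the value feeds a numeric test and an awk computation
# below, and anything else would make both misbehave.
case "$DURATION" in
  *[!0-9]*)
    echo "Duration must be a whole number of seconds" >&2
    exit 1
    ;;
esac

if [ "$DURATION" -lt 900 ]; then
  echo "Acceptable durations for IAM user sessions range from 900 seconds. Setting to this value..."
  DURATION=900
fi

if [ -z "$3" ]; then
  echo "Token argument not supplied" >&2
  exit 1
fi
TOKEN=$3 # The value provided by the MFA device

echo "Getting temporal AWS credentials for $MFA_DEVICE_ID"

# Drop any credentials inherited from the environment so the aws CLI does not
# sign the request with them (for example an earlier, expired session).
unset AWS_ACCESS_KEY_ID
unset AWS_SECRET_ACCESS_KEY
unset AWS_SESSION_TOKEN

# Arguments are quoted so that whitespace or glob characters in them cannot
# split into extra CLI options.
if ! aws sts get-session-token \
    --serial-number "$MFA_DEVICE_ID" \
    --duration-seconds "$DURATION" \
    --token-code "$TOKEN" |
  jq -r \
    --arg aki "AWS_ACCESS_KEY_ID:" \
    --arg asak "AWS_SECRET_ACCESS_KEY:" \
    --arg ast "AWS_SESSION_TOKEN:" \
    '.Credentials|($aki + " " + .AccessKeyId),($asak + " " + .SecretAccessKey),($ast + " " + .SessionToken)'; then
  echo "Failed to obtain temporary credentials" >&2
  exit 1
fi

# Pass the value with -v instead of splicing it into the awk program text.
DURATION_IN_MINUTES=$(awk -v secs="$DURATION" 'BEGIN {print secs / 60}')
echo "Credentials remain valid for $DURATION_IN_MINUTES minutes"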