#!/usr/bin/env bash

USER=${1?specify the user}
PROFILE=${AWS_PROFILE:-$2}
ACCOUNT_ID=${ACCOUNT_ID:-$3}

set -ue -o pipefail

echo -n "Enter MFA code for arn:aws:iam::${ACCOUNT_ID}:mfa/${USER}: "
read MFA_CODE
CREDENTIALS=$(aws sts get-session-token \
    --serial-number "arn:aws:iam::${ACCOUNT_ID}:mfa/${USER}" \
    --token-code "${MFA_CODE}" \
    --profile "${PROFILE}" \
    --query "Credentials.[AccessKeyId, SecretAccessKey, SessionToken]" \
    --output text
)
IFS=$'\t' read -r -a CREDENTIALS_ARRAY <<< "${CREDENTIALS}"

ACCESS_KEY_ID=${CREDENTIALS_ARRAY[0]}
SECRET_ACCESS_KEY=${CREDENTIALS_ARRAY[1]}
SESSION_TOKEN=${CREDENTIALS_ARRAY[2]}

aws configure set aws_access_key_id "${ACCESS_KEY_ID}" --profile "${PROFILE}-mfa"
aws configure set aws_secret_access_key "${SECRET_ACCESS_KEY}" --profile "${PROFILE}-mfa"
aws configure set aws_session_token "${SESSION_TOKEN}" --profile "${PROFILE}-mfa"
aws configure set region "eu-west-1" --profile "${PROFILE}-mfa"

echo "MFA Credential set! Use them with --profile ${PROFILE}-mfa"