#!/bin/bash # Fetch 24-hour AWS STS session token and set appropriate environment variables. # See http://docs.aws.amazon.com/cli/latest/reference/sts/get-session-token.html . # You must have jq installed and in your PATH https://stedolan.github.io/jq/ . # Add this function to your .bashrc or save it to a file and source that file from .bashrc . # Usage: aws-creds MFA_TOKEN [OTHER_AWS_STS_GET-SESSION-TOKEN_OPTIONS] function aws-creds () { if [[ ! $1 ]]; then echo "aws-creds: missing required argument: TOKEN_CODE" 1>&2 return 99 fi # replace USER and 12_DIGIT_ACCOUNT_NUMBER with appropriate values local iam_user="USER" local aws_account="12_DIGIT_ACCOUNT_NUMBER" local rv creds_json creds_json=$(set -o pipefail; aws --output json sts get-session-token --duration-seconds 86400 --serial-number "arn:aws:iam::$aws_account:mfa/$iam_user" --token-code "$@") rv="$?" if [[ $rv -ne 0 || ! $creds_json ]]; then echo "aws-creds: failed to get credentials: $creds_json" 1>&2 return "$rv" fi local jq="jq --exit-status --raw-output" AWS_ACCESS_KEY_ID=$(echo "$creds_json" | $jq .Credentials.AccessKeyId) rv="$?" if [[ $rv -ne 0 || ! $AWS_ACCESS_KEY_ID ]]; then echo "aws-creds: failed to parse output for AWS_ACCESS_KEY_ID: $creds_json" 1>&2 return "$rv" fi AWS_SECRET_ACCESS_KEY=$(echo "$creds_json" | $jq .Credentials.SecretAccessKey) rv="$?" if [[ $rv -ne 0 || ! $AWS_SECRET_ACCESS_KEY ]]; then echo "aws-creds: failed to parse output for AWS_SECRET_ACCESS_KEY: $creds_json" 1>&2 return "$rv" fi AWS_SESSION_TOKEN=$(echo "$creds_json" | $jq .Credentials.SessionToken) rv="$?" if [[ $rv -ne 0 || ! $AWS_SESSION_TOKEN ]]; then echo "aws-creds: failed to parse output for AWS_SESSION_TOKEN: $creds_json" 1>&2 return "$rv" fi export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN echo -e "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID\nAWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY\nAWS_SESSION_TOKEN=$AWS_SESSION_TOKEN\nexport AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN" }