Categorygithub.com/opensourceprojects/mfaws
modulepackage
1.0.3
Repository: https://github.com/opensourceprojects/mfaws.git
Documentation: pkg.go.dev
Overview
Versions
1
Dependencies
1
Dependents
0
Files
4 SLOC

# README

mfaws

AWS Multi-Factor Authentication manager

Build Status GitHub release License: MIT

Installation

Install script (Linux & macOS)

curl -sL --proto-redir -all,https https://raw.githubusercontent.com/pbar1/mfaws/master/install.sh | sh

Chocolatey (Windows)

choco install mfaws

AUR (Arch Linux)

git clone https://aur.archlinux.org/mfaws-bin.git
cd mfaws-bin
makepkg -si

Or, if you have an AUR helper like aurman,

aurman -S mfaws-bin

Brew (macOS & Linux)

coming soon!

Usage

AWS Multi-Factor Authentication manager

Usage:
  mfaws [flags]

Flags:
  -a, --assume-role string         ARN of IAM role to assume [MFA_ASSUME_ROLE]
  -c, --credentials-file string    Path to AWS credentials file (default "~/.aws/credentials") [AWS_SHARED_CREDENTIALS_FILE]
  -d, --device string              ARN of MFA device to use [MFA_DEVICE]
  -l, --duration int               Duration in seconds for credentials to remain valid (default assume-role ? 3600 : 43200) [MFA_STS_DURATION]
  -f, --force                      Force credentials to refresh even if not expired
  -h, --help                       help for mfaws
      --long-term-suffix string    Suffix appended to long-term profiles (default "-long-term")
  -p, --profile string             Name of profile to use in AWS credentials file (default "default") [AWS_PROFILE]
  -s, --role-session-name string   Session name when assuming a role
      --short-term-suffix string   Suffix appended to short-term profiles (default "")
  -t, --token string               MFA token to use for authentication
  -v, --verbose                    Enable verbose output

Examples

Using the default profile

Make sure you have the following in your $HOME/.aws/credentials file:

[default-long-term]
aws_access_key_id     = $YOUR_AWS_ACCESS_KEY_ID
aws_secret_access_key = $YOUR_AWS_SECRET_ACCESS_KEY
aws_mfa_device        = $YOUR_MFA_DEVICE_ARN

Then, simply run

mfaws

to fetch temporary credentials for your default AWS profile. More advanced configuration is possible (see Usage).

Combine mfaws with oathtool

Set an alias for generating your MFA token, then pipe it into mfaws:

alias otp-aws="oathtool --totp --base32 $YOUR_AWS_TOTP_KEY"

otp-aws | mfaws -t -

Todo

Subcommands:

  • setup, to configure long term profiles
  • check time left on short term creds

Continuous integration

  • Deploy to Homebrew

Other:

  • Documentation
  • Testing
  • Debug and error logging

# Packages

No description provided by the author