Command-line tool for MFA authentication for the AWS CLI.
Manages the AWS credentials file to be used with the AWS CLI under MFA authentication and will, by default, ask for the MFA token for the default profile (you must add MFA serial to AWS config file).
You must have valid authentication for AWS CLI already set up to successfully call the AWS STS. The authentication file is similar to the AWS credentials file and must be located in the same folder.
The tool will generate temporary credential accesses and manage them on the AWS credentials file.
usage: awslogin [options]
AWS MFA Tool
optional arguments:
-h, --help show this help message and exit
--version show program's version number and exit
--profile PROFILE aws profile to get mfa serial. (default: default)
--token TOKEN mfa token to login. (default: None)
--config CONFIG_FILE path to aws config file. (default: <path to>/.aws/config)
--mfa MFA_FILE path to mfa credentials file. (default: <path to>/.aws/mfa_credentials)
--aws AWS_FILE path to aws credentials file. (default: <path to>/.aws/credentials)
--export show export command, does NOT update credentials file.(default: False)
--list list all profiles on AWS folder. (default: False)
Helping manage AWS Session tokens for MFA authentication.
The AWS CLI uses two files for configuration (config) and authentication (credentials), and they must be located under the path ~/.aws (Linux and MAC) or c:\~\.aws (Windows). The ~ indicates the path to the user's home folder.
The tool will create and maintain the credentials file with temporary access granted via MFA authentication. The expiration time for the session token will be the default one defined by AWS Security Token Service (to know more).
To use this tool, you will need to create a config file with your mfa_serial identification and a mfa_credentials file with your access keys to the AWS account where mfa_serial is configured.
The default path to all three files can be check using awslogin -h. If needed, it is possible to specify the path for each file, check the optional arguments.
Example for a config file with profiles:
[default]
region = us-east-1
output = json
[company]
mfa_serial = arn:aws:iam::000000000000:mfa/user.name
region = eu-west-1
output = json
[datalake]
mfa_serial = arn:aws:iam::888888888888:mfa/user.name
region = us-east-2
output = json
Example for a mfa_credentials file with profiles:
[default]
aws_access_key_id = *******
aws_secret_access_key = *******
[company]
aws_access_key_id = *******
aws_secret_access_key = *******
[datalake]
aws_access_key_id = *******
aws_secret_access_key = *******
The credentials file will be maintained by the tool and will have something similar to this:
[default]
aws_access_key_id = ********
aws_secret_access_key = *******
aws_session_token = *******
aws_session_token_expiration = <datetime>
[company]
aws_access_key_id = ********
aws_secret_access_key = *******
aws_session_token = *******
aws_session_token_expiration = <datetime>
[datalake]
aws_access_key_id = *******
aws_secret_access_key = *******
aws_session_token = *******
aws_session_token_expiration = <datetime>
Python 3.7+AWS CLI installed(instructions)MFA enabled on AWS account(instructions)Access keys to AWS account(instructions)
You can use pip to install:
pip3 install aws-mfa-toolsYou can install directly from Github:
pip3 install --user git+https://github.com/FerrariDG/aws-mfa-tools.gitOr you can clone the repository:
pip3 install --user <full path to>/aws-mfa-tools