An awscli plugin to authenticate and retrive AWS temporary credentials using a MFA device.
This plugin was published in pypi.org. So the installation can be done using pip.
$ pip3 install --user aws-mfa-pluginNOTE: We recommend installing inside user-site
If you are using awscli v1 configuring plugin is pretty simple.
$ aws configure set plugins.mfa aws-mfaOtherwise, If you are using awscli v2, there is a need for additional config. see for more details.
$ aws configure set plugins.cli_legacy_plugin_path $(python3 -m site --user-site)Assumed the plugin installed inside user-site
If you configure correctly the plugin will become a subcommand of aws command.
$ aws mfaBefore using this plugin to retrieve temporary credentials you need to configure mfa_serial device.
$ aws configure set mfa_serial <your-mfa-serial-device>To retrive temporary credentials
$ aws mfa cred-env
MFA Token for (arn:aws:iam::1234567890:mfa/username): 123456
export AWS_ACCESS_KEY_ID=<access-key-id>
export AWS_SECRET_ACCESS_KEY=<access-secret-key>
export AWS_SESSION_TOKEN=<token>Or you can directly set these temporary credentials as environment variable by using eval command
$ eval $(aws mfa cred-env)
MFA Token for (arn:aws:iam::1234567890:mfa/username): 123456This project licensed under MIT LICENSE, see LICENSE.