def cli_mfa_code():
""" Generates a TOTP code using an MFA token. """
parser = get_parser()
parser.add_argument("token_name",
help="Name of the token to use.").completer = \
ChoicesCompleter(list_mfa_tokens())
argcomplete.autocomplete(parser)
args = parser.parse_args()
print(mfa_generate_code(args.token_name))
def assume_role(role_arn, mfa_token_name=None, duration_minutes=60):
sts = boto3.client("sts")
if mfa_token_name:
token = mfa_read_token(mfa_token_name)
code = mfa_generate_code(mfa_token_name)
response = sts.assume_role(RoleArn=role_arn,
RoleSessionName="n-sess-" + id_generator(),
SerialNumber=token['token_arn'],
TokenCode=code,
DurationSeconds=(duration_minutes * 60))
else:
response = sts.assume_role(RoleArn=role_arn,
RoleSessionName="n-sess-" + id_generator(),
DurationSeconds=(duration_minutes * 60))
return response['Credentials']
def session_to_env():
""" Export current session as environment variables """
parser = get_parser()
parser.add_argument("-t", "--token-name",
help="Name of the mfs token to use.").completer = \
ChoicesCompleter(list_mfa_tokens())
parser.add_argument("-d", "--duration-minutes", type=int, default=60,
help="Duration in minutes for the session token. Default to 60")
argcomplete.autocomplete(parser)
args = parser.parse_args()
call_args = {"duration_minutes": args.duration_minutes}
if args.token_name:
call_args["token_arn"] = mfa_read_token(args.token_name)["token_arn"]
call_args["token_value"] = mfa_generate_code(args.token_name)
creds = session_token(**call_args)
if creds:
print("AWS_ACCESS_KEY_ID=\"" + creds['AccessKeyId'] + "\"")
print("AWS_SECRET_ACCESS_KEY=\"" + creds['SecretAccessKey'] + "\"")
print("AWS_SESSION_TOKEN=\"" + creds['SessionToken'] + "\"")
print("AWS_SESSION_EXPIRATION=\"" + creds['Expiration'].strftime("%a, %d %b %Y %H:%M:%S +0000") + "\"")
print("export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN AWS_SESSION_EXPIRATION")