def cli_mfa_code():
    """Print a TOTP code for the MFA token named on the command line.

    Takes one positional argument, ``token_name``, and prints whatever
    ``mfa_generate_code`` returns for it. The code goes to stdout in
    clear text.
    """
    arg_parser = get_parser()
    # Build the completer before registering the argument so shell tab
    # completion offers whatever list_mfa_tokens() returns.
    name_completer = ChoicesCompleter(list_mfa_tokens())
    token_arg = arg_parser.add_argument("token_name",
                                        help="Name of the token to use.")
    token_arg.completer = name_completer
    argcomplete.autocomplete(arg_parser)
    parsed = arg_parser.parse_args()
    print(mfa_generate_code(parsed.token_name))
def assume_role(role_arn, mfa_token_name=None, duration_minutes=60):
    """Assume an IAM role through STS and return its temporary credentials.

    Args:
        role_arn: ARN of the role to assume.
        mfa_token_name: Optional name of a stored MFA token. When given,
            the token's ``token_arn`` is sent as the MFA serial number
            together with a freshly generated code.
        duration_minutes: Requested session lifetime in minutes; it is
            converted to seconds for the STS call.

    Returns:
        The ``Credentials`` entry of the STS ``assume_role`` response.
        Treat it as secret material and keep it out of logs.

    The duration is not range-checked here, so any limit on
    ``DurationSeconds`` is enforced by STS itself.
    """
    client = boto3.client("sts")
    use_mfa = bool(mfa_token_name)
    if use_mfa:
        mfa_token = mfa_read_token(mfa_token_name)
        mfa_code = mfa_generate_code(mfa_token_name)
    # Both variants of the request share the role, session name and
    # lifetime; only the MFA fields are conditional.
    request = {
        "RoleArn": role_arn,
        "RoleSessionName": "n-sess-" + id_generator(),
    }
    if use_mfa:
        request["SerialNumber"] = mfa_token['token_arn']
        request["TokenCode"] = mfa_code
    request["DurationSeconds"] = duration_minutes * 60
    return client.assume_role(**request)['Credentials']
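def session_to_env():
    """ Export current session as environment variables

    Requests session credentials through ``session_token`` and prints
    shell assignments for AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,
    AWS_SESSION_TOKEN and AWS_SESSION_EXPIRATION, followed by an
    ``export`` line. Nothing is printed when ``session_token`` returns a
    falsy value.

    Command-line options:
        -t/--token-name: name of the MFA token; when given, its
            ``token_arn`` and a freshly generated code are passed to
            ``session_token``.
        -d/--duration-minutes: session lifetime in minutes (default 60).

    The output contains the secret access key and session token in clear
    text on stdout.
    NOTE(review): presumably meant to be consumed with ``eval`` in a
    shell; avoid redirecting it to files or logs - confirm intended use.
    """
    parser = get_parser()
    # Help text fixed: the option names an MFA token (was "mfs").
    parser.add_argument("-t", "--token-name",
                        help="Name of the mfa token to use.").completer = \
        ChoicesCompleter(list_mfa_tokens())
    parser.add_argument("-d", "--duration-minutes", type=int, default=60,
                        help="Duration in minutes for the session token. "
                             "Default to 60")
    argcomplete.autocomplete(parser)
    args = parser.parse_args()

    call_args = {"duration_minutes": args.duration_minutes}
    if args.token_name:
        call_args["token_arn"] = mfa_read_token(args.token_name)["token_arn"]
        call_args["token_value"] = mfa_generate_code(args.token_name)

    creds = session_token(**call_args)
    if not creds:
        return

    # Collect every value before printing so that a missing field raises
    # before any partial set of credentials has been emitted.
    # The "+0000" suffix is a literal: assumes Expiration is in UTC -
    # TODO confirm against session_token.
    exports = (
        ("AWS_ACCESS_KEY_ID", creds['AccessKeyId']),
        ("AWS_SECRET_ACCESS_KEY", creds['SecretAccessKey']),
        ("AWS_SESSION_TOKEN", creds['SessionToken']),
        ("AWS_SESSION_EXPIRATION",
         creds['Expiration'].strftime("%a, %d %b %Y %H:%M:%S +0000")),
    )
    for name, value in exports:
        print(name + "=\"" + value + "\"")
    print("export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY "
          "AWS_SESSION_TOKEN AWS_SESSION_EXPIRATION")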