...
Generating Temporary Security Credentials
Example CLI
Code Block | ||
---|---|---|
| ||
# Confirm that IAM user credentials are working $ aws sts get-caller-identity { "UserId": "AIDAXXXXXXXXXXXXXXXXX", "Account": "123456789012", "Arn": "arn:aws:iam::123456789012:user/pea1" } # Generate temporary credentials. The code from the MFA is "987654" at the time the command is executed $ aws sts get-session-token --serial-number arn:aws:iam::123456789012:mfa/pea1 --token-code 987654 { "Credentials": { "AccessKeyId": "ASIAYYYYYYYYYYYYYYYY", "SecretAccessKey": "ABC****************************************", "SessionToken": "DEF********************************************************************************", "Expiration": "2020-06-13T01:29:49Z" } } |
...
# Setup environment to use the new temporary credentials
$ export AWS_ACCESS_KEY_ID=ASIAYYYYYYYYYYYYYYYY
$ export AWS_SECRET_ACCESS_KEY=ABC****************************************
$ export AWS_SESSION_TOKEN=DEF********************************************************************************
# Unfortunately, you cannot tell that the new session is temporary or that MFA was involved.
$ aws sts get-caller-identity
{
"UserId": "AIDAXXXXXXXXXXXXXXXXX",
"Account": "123456789012",
"Arn": "arn:aws:iam::123456789012:user/pea1"
}
$ |