Versions Compared

Old Version 5

changes.mady.by.user Paul Allen

Saved on

compared with

New Version Current

changes.mady.by.user Paul Allen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagebash
# Confirm that IAM user credentials are working
$ aws sts get-caller-identity
{
	"UserId": "AIDAXXXXXXXXXXXXXXXXX",
	"Account": "123456789012",
	"Arn": "arn:aws:iam::123456789012:user/pea1"
}

# Generate temporary credentials. The code from the MFA is "987654" at the time the command is executed
$ aws sts get-session-token --serial-number arn:aws:iam::123456789012:mfa/pea1 --token-code 987654
{
	"Credentials": {
		"AccessKeyId": "ASIAYYYYYYYYYYYYYYYY",
		"SecretAccessKey": "ABC****************************************",
		"SessionToken": "DEF********************************************************************************",
		"Expiration": "2020-06-13T01:29:49Z"
	}
}
 
# Setup environment to use the new temporary credentials
$ export AWS_ACCESS_KEY_ID=ASIAYYYYYYYYYYYYYYYY
$ export AWS_SECRET_ACCESS_KEY=ABC****************************************
$ export AWS_SESSION_TOKEN=DEF********************************************************************************
 
# Unfortunately, you cannot tell that the new session is temporary or that MFA was involved.
$ aws sts get-caller-identity
{
	"UserId": "AIDAXXXXXXXXXXXXXXXXX",
	"Account": "123456789012",
	"Arn": "arn:aws:iam::123456789012:user/pea1"
}
$

See also https://aws.amazon.com/premiumsupport/knowledge-center/authenticate-mfa-cli/