...
Code Block | ||
---|---|---|
| ||
# Confirm that IAM user credentials are working $ aws sts get-caller-identity { "UserId": "AIDAXXXXXXXXXXXXXXXXX", "Account": "123456789012", "Arn": "arn:aws:iam::123456789012:user/pea1" } # Generate temporary credentials. The code from the MFA is "987654" at the time the command is executed $ aws sts get-session-token --serial-number arn:aws:iam::123456789012:mfa/pea1 --token-code 987654 { "Credentials": { "AccessKeyId": "ASIAYYYYYYYYYYYYYYYY", "SecretAccessKey": "ABC****************************************", "SessionToken": "DEF********************************************************************************", "Expiration": "2020-06-13T01:29:49Z" } } # Setup environment to use the new temporary credentials $ export AWS_ACCESS_KEY_ID=ASIAYYYYYYYYYYYYYYYY $ export AWS_SECRET_ACCESS_KEY=ABC**************************************** $ export AWS_SESSION_TOKEN=DEF******************************************************************************** # Unfortunately, you cannot tell that the new session is temporary or that MFA was involved. $ aws sts get-caller-identity { "UserId": "AIDAXXXXXXXXXXXXXXXXX", "Account": "123456789012", "Arn": "arn:aws:iam::123456789012:user/pea1" } $ |
See also https://aws.amazon.com/premiumsupport/knowledge-center/authenticate-mfa-cli/