AWS CLI via MFA

What follows are instructions for setting up AWS MFA, and then for installing and configuring the AWS CLI.

Unfortunately, this mandatory procedure took up half of my working day. So that other unsure AWS users 😉, like myself, don't waste valuable time on something trivial, I decided to put together these instructions.

Even for a sandbox account, setting up MFA is usually a mandatory requirement. That is the case for us.

Setting up MFA

  1. Install a compatible mobile app
  2. Go to the AWS console
  3. My Security Credentials -> Assign MFA Device
  4. Virtual MFA Device
  5. Follow the on-screen instructions
  6. The virtual device is ready

Installing the AWS CLI

https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html

Setting up a named profile

https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html

  1. My Security Credentials -> Create Access Key
  2. Copy the key to the clipboard. You will need it in the next step
  3. $ aws configure --profile <your profile name>

AWS CLI via MFA

  1. Copy the ARN of the virtual device
  2. aws sts get-session-token --profile <profile name> --serial-number <virtual device ARN> --token-code <one-time password>
    The one-time password must be taken from the mobile app that was set up earlier.
  3. The command outputs JSON; its individual fields must be assigned to the corresponding environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN

I decided to automate this via ~/.bash_profile
This script requires jq to parse the JSON.

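#!/usr/bin/env bash

# Request temporary credentials with MFA and export them into the current shell.
# All arguments are passed straight to `aws sts get-session-token`.
aws_login() {
    # Stop on failure (e.g. a wrong code) so that no empty or "null" values are exported.
    session=$(aws sts get-session-token "$@") || return 1
    # Prints the full response, including the temporary secret key and the expiration time.
    echo "${session}"
    AWS_ACCESS_KEY_ID=$(echo "${session}" | jq -r '.Credentials.AccessKeyId')
    export AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY=$(echo "${session}" | jq -r '.Credentials.SecretAccessKey')
    export AWS_SECRET_ACCESS_KEY
    AWS_SESSION_TOKEN=$(echo "${session}" | jq -r '.Credentials.SessionToken')
    export AWS_SESSION_TOKEN
}

# The one-time password is appended as the last argument when the alias is used.
alias aws-login-dev='aws_login --profile <dev profile name> --serial-number <virtual device ARN> --token-code '
alias aws-login-prod='aws_login --profile <prod profile name> --serial-number <virtual device ARN> --token-code '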

Usage:

$ aws-login-dev <one-time password>
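
A variant of the login function above that needs no jq and does not print the secret key, added here as an example and not part of the original article. The function name aws_mfa_login and its three-argument interface are assumptions, as is the 6-digit code format of a virtual MFA app; it relies on the AWS CLI's --query and --output text options.

```shell
#!/bin/sh
# Added example, not the article's script. Names below are hypothetical.
# Usage: aws_mfa_login <profile name> <virtual device ARN> <one-time password>
aws_mfa_login() {
    local profile serial code creds key secret token expiry
    [ "$#" -eq 3 ] || { echo "usage: aws_mfa_login <profile> <mfa-arn> <code>" >&2; return 2; }
    profile=$1; serial=$2; code=$3

    # Assumption: virtual MFA apps produce 6-digit codes. Reject anything else
    # locally instead of sending a malformed code to STS.
    case "$code" in
        [0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "token code must be exactly 6 digits" >&2; return 2 ;;
    esac

    # --query with --output text yields one tab-separated line, so jq is not needed.
    creds=$(aws sts get-session-token \
        --profile "$profile" --serial-number "$serial" --token-code "$code" \
        --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken,Expiration]' \
        --output text) || {
        echo "get-session-token failed; environment left unchanged" >&2
        return 1
    }

    # Split the single line into its four fields (none of them contains whitespace).
    read -r key secret token expiry <<EOF
$creds
EOF

    # Refuse partial output rather than exporting half a credential set.
    if [ -z "$key" ] || [ -z "$secret" ] || [ -z "$token" ]; then
        echo "unexpected output from aws; environment left unchanged" >&2
        return 1
    fi

    export AWS_ACCESS_KEY_ID="$key" AWS_SECRET_ACCESS_KEY="$secret" AWS_SESSION_TOKEN="$token"
    # Report only non-secret details: which profile and when the session expires.
    echo "session for '$profile' valid until $expiry"
}
```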

I hope these instructions help you avoid long wanderings through the official documentation 😉

source: www.habr.com
