ProHoster > Π‘Π»ΠΎΠ³ > Kev tswj hwm > AWS CLI via MFA

AWS CLI via MFA

Tom ntej no yuav yog cov lus qhia rau kev teeb tsa AWS MFA, thiab tom qab ntawd txhim kho thiab teeb tsa AWS CLI.

Hmoov tsis zoo, cov txheej txheem yuav tsum tau coj kuv ib nrab ntawm kuv hnub ua haujlwm. Yog li ntawd lwm cov neeg siv AWS tsis muaj kev nyab xeeb πŸ˜‰, zoo li kuv tus kheej, tsis txhob nkim lub sijhawm muaj nuj nqis ntawm qhov tsis tseem ceeb, kuv txiav txim siab los sau cov lus qhia.

Txawm rau kev teeb tsa tus account sandbox MFA Qhov no feem ntau yog qhov yuav tsum tau ua. Qhov no yog li cas nws nrog peb.

Kev teeb tsa MFA

  1. Teeb tau tshaj mobile app
  2. Mus rau AWS console
  3. Kuv Daim Ntawv Pov Thawj Kev Ruaj Ntseg -> Muab MFA ntaus ntawv
    AWS CLI via MFA
  4. Virtual MFA Ntaus
    AWS CLI via MFA
  5. Ua raws li cov lus qhia ntawm qhov screen
    AWS CLI via MFA
    AWS CLI via MFA
  6. Virtual ntaus ntawv yog npaj txhij
    AWS CLI via MFA

Install AWS CLI

https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html

Kev teeb tsa lub npe profile

https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html

  1. Kuv Daim Ntawv Pov Thawj Kev Ruaj Ntseg -> Tsim tus yuam sij nkag
    AWS CLI via MFA
  2. Luam tus yuam sij rau koj cov ntawv teev cia. Koj yuav xav tau nws nyob rau theem tom ntej
  3. $ aws configure --profile <your profile name>

AWS CLI via MFA

  1. Luam theej lub tshuab virtual ARN
    AWS CLI via MFA
  2. aws sts get-session-token --profile <имя профиля> --serial-number <ARN Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½ΠΎΠ³ΠΎ устройства> --token-code <ΠΎΠ΄Π½ΠΎΡ€Π°Π·ΠΎΠ²Ρ‹ΠΉ ΠΏΠ°Ρ€ΠΎΠ»ΡŒ>
    Tus password ib zaug yuav tsum raug coj los ntawm daim ntawv thov mobile tau teeb tsa ua ntej.
  3. Cov lus txib yuav tso tawm JSON, tus kheej cov teb uas yuav tsum tau hloov mus rau hauv qhov sib txuas ib puag ncig hloov pauv AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN

Kuv txiav txim siab automate los ntawm ~/.bash_profile
Txhawm rau txheeb xyuas JSON, tsab ntawv no xav tau jq.

#!/usr/bin/env bash

aws_login() {
    session=$(aws sts get-session-token "$@")
    echo "${session}"
    AWS_ACCESS_KEY_ID=$(echo "${session}" | jq -r '.Credentials.AccessKeyId')
    export AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY=$(echo "${session}" | jq -r '.Credentials.SecretAccessKey')
    export AWS_SECRET_ACCESS_KEY
    AWS_SESSION_TOKEN=$(echo "${session}" | jq -r '.Credentials.SessionToken')
    export AWS_SESSION_TOKEN
}

alias aws-login-dev='aws_login --profile <имя dev профиля> --serial-number <ARN Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½ΠΎΠ³ΠΎ устройства> --token-code '
alias aws-login-prod='aws_login --profile <имя prod профиля> --serial-number <ARN Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½ΠΎΠ³ΠΎ устройства> --token-code '

Siv:

$ aws-login-dev <ΠΎΠ΄Π½ΠΎΡ€Π°Π·ΠΎΠ²Ρ‹ΠΉ ΠΏΠ°Ρ€ΠΎΠ»ΡŒ>

Kuv vam tias cov lus qhia no yuav pab koj kom tsis txhob taug kev mus ntev los ntawm cov ntaub ntawv raug cai πŸ˜‰

Tau qhov twg los: www.hab.com

Ntxiv ib saib