Tom ntej no yuav yog cov lus qhia rau kev teeb tsa AWS MFA, thiab tom qab ntawd txhim kho thiab teeb tsa AWS CLI.
Hmoov tsis zoo, cov txheej txheem yuav tsum tau coj kuv ib nrab ntawm kuv hnub ua haujlwm. Yog li ntawd lwm cov neeg siv AWS tsis muaj kev nyab xeeb π, zoo li kuv tus kheej, tsis txhob nkim lub sijhawm muaj nuj nqis ntawm qhov tsis tseem ceeb, kuv txiav txim siab los sau cov lus qhia.
Txawm rau kev teeb tsa tus account sandbox
Kev teeb tsa MFA
- Teeb
tau tshaj mobile app - Mus rau
AWS console Kuv Daim Ntawv Pov Thawj Kev Ruaj Ntseg -> Muab MFA ntaus ntawv
- Virtual MFA Ntaus
- Ua raws li cov lus qhia ntawm qhov screen
- Virtual ntaus ntawv yog npaj txhij
Install AWS CLI
Kev teeb tsa lub npe profile
Kuv Daim Ntawv Pov Thawj Kev Ruaj Ntseg -> Tsim tus yuam sij nkag
- Luam tus yuam sij rau koj cov ntawv teev cia. Koj yuav xav tau nws nyob rau theem tom ntej
$ aws configure --profile <your profile name>
AWS CLI via MFA
- Luam theej lub tshuab virtual ARN
aws sts get-session-token --profile <ΠΈΠΌΡ ΠΏΡΠΎΡΠΈΠ»Ρ> --serial-number <ARN Π²ΠΈΡΡΡΠ°Π»ΡΠ½ΠΎΠ³ΠΎ ΡΡΡΡΠΎΠΉΡΡΠ²Π°> --token-code <ΠΎΠ΄Π½ΠΎΡΠ°Π·ΠΎΠ²ΡΠΉ ΠΏΠ°ΡΠΎΠ»Ρ>
Tus password ib zaug yuav tsum raug coj los ntawm daim ntawv thov mobile tau teeb tsa ua ntej.- Cov lus txib yuav tso tawm JSON, tus kheej cov teb uas yuav tsum tau hloov mus rau hauv qhov sib txuas ib puag ncig hloov pauv AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN
Kuv txiav txim siab automate los ntawm ~/.bash_profile
Txhawm rau txheeb xyuas JSON, tsab ntawv no xav tau
#!/usr/bin/env bash
aws_login() {
session=$(aws sts get-session-token "$@")
echo "${session}"
AWS_ACCESS_KEY_ID=$(echo "${session}" | jq -r '.Credentials.AccessKeyId')
export AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY=$(echo "${session}" | jq -r '.Credentials.SecretAccessKey')
export AWS_SECRET_ACCESS_KEY
AWS_SESSION_TOKEN=$(echo "${session}" | jq -r '.Credentials.SessionToken')
export AWS_SESSION_TOKEN
}
alias aws-login-dev='aws_login --profile <ΠΈΠΌΡ dev ΠΏΡΠΎΡΠΈΠ»Ρ> --serial-number <ARN Π²ΠΈΡΡΡΠ°Π»ΡΠ½ΠΎΠ³ΠΎ ΡΡΡΡΠΎΠΉΡΡΠ²Π°> --token-code '
alias aws-login-prod='aws_login --profile <ΠΈΠΌΡ prod ΠΏΡΠΎΡΠΈΠ»Ρ> --serial-number <ARN Π²ΠΈΡΡΡΠ°Π»ΡΠ½ΠΎΠ³ΠΎ ΡΡΡΡΠΎΠΉΡΡΠ²Π°> --token-code '
Siv:
$ aws-login-dev <ΠΎΠ΄Π½ΠΎΡΠ°Π·ΠΎΠ²ΡΠΉ ΠΏΠ°ΡΠΎΠ»Ρ>
Kuv vam tias cov lus qhia no yuav pab koj kom tsis txhob taug kev mus ntev los ntawm cov ntaub ntawv raug cai π
Tau qhov twg los: www.hab.com