Ọzọ ga-abụ ntuziaka maka ịtọlite AWS MFA, wee wụnye na hazie AWS CLI.
O di nwute, usoro mmanye a were m ọkara nke ụbọchị ọrụ m. Ka ndị ọrụ AWS ndị ọzọ na-enweghị nchebe 😉, dị ka onwe m, egbula oge dị oke ọnụ ahịa na obere ihe, ekpebiri m ikpokọta ntuziaka.
Ọbụna maka ntọala akaụntụ sandbox Nke a na-abụkarị ihe a chọrọ n'aka. Otú a ka ọ dị anyị.
Ịtọlite MFA
- Tọọ
- Gaa na
- -> Kenye ngwaọrụ MFA
- Ngwa MFA mebere
- Soro ntuziaka dị n'ihuenyo
- Ngwa ngwa adịla njikere
Ịwụnye AWS CLI
Ịtọlite profaịlụ akpọrọ aha
- -> Mepụta igodo nnweta
- Detuo igodo na klipbọọdụ gị. Ị ga-achọ ya na nzọụkwụ ọzọ
$ aws configure --profile <your profile name>
AWS CLI site na MFA
- Detuo ARN ngwaọrụ mebere
aws sts get-session-token --profile <имя профиля> --serial-number <ARN виртуального устройства> --token-code <одноразовый пароль>
A ga-ewepụrịrị paswọọdụ otu oge na ngwa mkpanaka ahaziri na mbụ.- Iwu ahụ ga-ewepụta JSON, mpaghara nke ọ bụla ga-edochi ya n'ime mgbanwe gburugburu ebe kwekọrọ AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN
Ekpebiri m ịmegharị ya ~/.bash_profile
Iji tugharia JSON, edemede a chọrọ .
#!/usr/bin/env bash
aws_login() {
session=$(aws sts get-session-token "$@")
echo "${session}"
AWS_ACCESS_KEY_ID=$(echo "${session}" | jq -r '.Credentials.AccessKeyId')
export AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY=$(echo "${session}" | jq -r '.Credentials.SecretAccessKey')
export AWS_SECRET_ACCESS_KEY
AWS_SESSION_TOKEN=$(echo "${session}" | jq -r '.Credentials.SessionToken')
export AWS_SESSION_TOKEN
}
alias aws-login-dev='aws_login --profile <имя dev профиля> --serial-number <ARN виртуального устройства> --token-code '
alias aws-login-prod='aws_login --profile <имя prod профиля> --serial-number <ARN виртуального устройства> --token-code 'Ojiji:
$ aws-login-dev <одноразовый пароль>Enwere m olileanya na ntuziaka a ga-enyere gị aka izere ịkpagharị ogologo oge site na akwụkwọ gọọmentị 😉
isi: www.habr.com