ProHoster > Π‘Π»ΠΎΠ³ > administratio > AWS CLI per MFA

AWS CLI per MFA

Deinde instructiones erunt ad constituendum AWS MFA, ac deinde inaugurandi ac configurandi AWS CLI.

Infeliciter, hoc modo procedendi nuncius me dimidium laboris mei diei accepit. Ita ut aliae insecutae AWS utentes , sicut meipsum, non pretiosum tempus terere in minimis, instructiones statuere decrevi.

Etiam sandbox propter occasum MFA Hoc plerumque mandati postulationem. Ita est apud nos.

Erexerit MFA

  1. install mobile app compatible
  2. ire AWS consolantur
  3. Mea Securitatis Credentials -> Assignare MFA Fabrica
    AWS CLI per MFA
  4. Virtual MFA Device
    AWS CLI per MFA
  5. Sequi instructiones in tentoriis
    AWS CLI per MFA
    AWS CLI per MFA
  6. Rectum fabrica parata est
    AWS CLI per MFA

Installing AWS CLI

https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html

Profecti sunt in nomine profile

https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html

  1. Mea Securitatis Credentials -> clavem crea aditum
    AWS CLI per MFA
  2. Effingo clavis ad clipboard. Opus erit tibi in proximo gradu
  3. $ aws configure --profile <your profile name>

AWS CLI per MFA

  1. Effingo virtualis fabrica ARN
    AWS CLI per MFA
  2. aws sts get-session-token --profile <имя профиля> --serial-number <ARN Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½ΠΎΠ³ΠΎ устройства> --token-code <ΠΎΠ΄Π½ΠΎΡ€Π°Π·ΠΎΠ²Ρ‹ΠΉ ΠΏΠ°Ρ€ΠΎΠ»ΡŒ>
    Unum tempus tesserae sumenda est e applicatione mobili ante figurato.
  3. Praeceptum de JSON outputabit, quorum singuli agri substituendi sunt in variabiles ambitus correspondentes AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN.

Constitui automate per ~/.bash_profile
Ad parse JSON, hoc scriptum requirit jq.

#!/usr/bin/env bash

aws_login() {
    session=$(aws sts get-session-token "$@")
    echo "${session}"
    AWS_ACCESS_KEY_ID=$(echo "${session}" | jq -r '.Credentials.AccessKeyId')
    export AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY=$(echo "${session}" | jq -r '.Credentials.SecretAccessKey')
    export AWS_SECRET_ACCESS_KEY
    AWS_SESSION_TOKEN=$(echo "${session}" | jq -r '.Credentials.SessionToken')
    export AWS_SESSION_TOKEN
}

alias aws-login-dev='aws_login --profile <имя dev профиля> --serial-number <ARN Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½ΠΎΠ³ΠΎ устройства> --token-code '
alias aws-login-prod='aws_login --profile <имя prod профиля> --serial-number <ARN Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½ΠΎΠ³ΠΎ устройства> --token-code '

uti:

$ aws-login-dev <ΠΎΠ΄Π½ΠΎΡ€Π°Π·ΠΎΠ²Ρ‹ΠΉ ΠΏΠ°Ρ€ΠΎΠ»ΡŒ>

Spero hanc disciplinam adiuvabit ut per documenta publica devita longas errores

Source: www.habr.com