ProHoster > Блог > Whakahaerenga > AWS CLI ma te MFA

AWS CLI ma te MFA

Ka whai ake ko nga tohutohu mo te whakatu AWS MFA, katahi ka whakauru me te whirihora AWS CLI.

Kia aroha mai, na tenei tikanga whakahau i tango ahau i te haurua o taku ra mahi. Ko etahi atu kaiwhakamahi AWS 😉, penei i ahau, kaua e moumou i te waa utu nui mo nga mea iti, ka whakatau ahau ki te whakahiato i nga tohutohu.

Ahakoa mo te whakatakotoranga putea kirikiri MFA Ko te tikanga he whakaritenga whakahau tenei. Ko te ahua tenei ki a tatou.

Te whakatu MFA

  1. Tāuta taupānga pūkoro hototahi
  2. Haere ki AWS papatohu
  3. Taku Taipitopito Haumarutanga -> Whakaritea te Pūrere MFA
    AWS CLI ma te MFA
  4. Pūrere MFA Mariko
    AWS CLI ma te MFA
  5. Whaia nga tohutohu kei runga i te mata
    AWS CLI ma te MFA
    AWS CLI ma te MFA
  6. Kua reri te taputapu mariko
    AWS CLI ma te MFA

Tāuta AWS CLI

https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html

Te whakarite i tetahi tohu ingoa

https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html

  1. Taku Taipitopito Haumarutanga -> Waihangahia te kī uru
    AWS CLI ma te MFA
  2. Tāruatia te kī ki tō papatopenga. Ka hiahia koe i roto i te taahiraa e whai ake nei
  3. $ aws configure --profile <your profile name>

AWS CLI ma te MFA

  1. Tāruahia te taputapu mariko ARN
    AWS CLI ma te MFA
  2. aws sts get-session-token --profile <имя профиля> --serial-number <ARN виртуального устройства> --token-code <одноразовый пароль>
    Me tango te kupuhipa kotahi-wa mai i te tono pūkoro i whirihorahia i mua.
  3. Ka whakaputahia e te whakahau a JSON, ko nga mara takitahi me whakakapi ki nga taurangi taiao e rite ana AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN

I whakatau ahau ki te whakaaunoa ~/.bash_profile
Hei poroporoaki i a JSON, me hiahia tenei tuhinga jq.

#!/usr/bin/env bash

aws_login() {
    session=$(aws sts get-session-token "$@")
    echo "${session}"
    AWS_ACCESS_KEY_ID=$(echo "${session}" | jq -r '.Credentials.AccessKeyId')
    export AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY=$(echo "${session}" | jq -r '.Credentials.SecretAccessKey')
    export AWS_SECRET_ACCESS_KEY
    AWS_SESSION_TOKEN=$(echo "${session}" | jq -r '.Credentials.SessionToken')
    export AWS_SESSION_TOKEN
}

alias aws-login-dev='aws_login --profile <имя dev профиля> --serial-number <ARN виртуального устройства> --token-code '
alias aws-login-prod='aws_login --profile <имя prod профиля> --serial-number <ARN виртуального устройства> --token-code '

Whakamahi:

$ aws-login-dev <одноразовый пароль>

Ko taku tumanako ka awhina tenei tohutohu ki a koe ki te karo i nga kopikopiko roa i roto i nga tuhinga whaimana 😉

Source: will.com

Tāpiri i te kōrero