Pulogalamu ya ProHoster > Blog > Ulamuliro > AWS CLI kudzera MFA

AWS CLI kudzera MFA

Kenako padzakhala malangizo okhazikitsa AWS MFA, kenako kukhazikitsa ndikusintha AWS CLI.

Tsoka ilo, njirayi idanditengera theka la tsiku langa logwira ntchito. Kuti ogwiritsa ntchito ena osatetezeka a AWS πŸ˜‰, monga inenso, asataye nthawi yamtengo wapatali pazinthu zazing'ono, ndidaganiza zopanga malangizo.

Ngakhale kuyika akaunti ya sandbox MFA Izi nthawi zambiri zimakhala zofunikira. Umu ndi mmene zilili ndi ife.

Kupanga MFA

  1. Khazikitsani pulogalamu yam'manja yogwirizana
  2. Pitani ku AWS console
  3. Zizindikiro Zanga Zachitetezo -> Perekani MFA Chipangizo
    AWS CLI kudzera MFA
  4. Virtual MFA Chipangizo
    AWS CLI kudzera MFA
  5. Tsatirani malangizo pazenera
    AWS CLI kudzera MFA
    AWS CLI kudzera MFA
  6. Chida chowonekera chakonzeka
    AWS CLI kudzera MFA

Kuyika AWS CLI

https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html

Kukhazikitsa mbiri yotchulidwa

https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html

  1. Zizindikiro Zanga Zachitetezo -> Pangani kiyi yolowera
    AWS CLI kudzera MFA
  2. Koperani kiyi pa bolodi lanu lojambula. Mudzazifuna mu sitepe yotsatira
  3. $ aws configure --profile <your profile name>

AWS CLI kudzera MFA

  1. Koperani chipangizo chenicheni cha ARN
    AWS CLI kudzera MFA
  2. aws sts get-session-token --profile <имя профиля> --serial-number <ARN Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½ΠΎΠ³ΠΎ устройства> --token-code <ΠΎΠ΄Π½ΠΎΡ€Π°Π·ΠΎΠ²Ρ‹ΠΉ ΠΏΠ°Ρ€ΠΎΠ»ΡŒ>
    Mawu achinsinsi a nthawi imodzi ayenera kutengedwa kuchokera ku pulogalamu yam'manja yomwe idakonzedwa kale.
  3. Lamuloli litulutsa JSON, magawo omwe akuyenera kulowetsedwa m'malo osiyanasiyana AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN

Ndinaganiza zongomaliza ~/.bash_profile
Kuti mudutse JSON, script iyi ikufunika jq.

#!/usr/bin/env bash

aws_login() {
    session=$(aws sts get-session-token "$@")
    echo "${session}"
    AWS_ACCESS_KEY_ID=$(echo "${session}" | jq -r '.Credentials.AccessKeyId')
    export AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY=$(echo "${session}" | jq -r '.Credentials.SecretAccessKey')
    export AWS_SECRET_ACCESS_KEY
    AWS_SESSION_TOKEN=$(echo "${session}" | jq -r '.Credentials.SessionToken')
    export AWS_SESSION_TOKEN
}

alias aws-login-dev='aws_login --profile <имя dev профиля> --serial-number <ARN Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½ΠΎΠ³ΠΎ устройства> --token-code '
alias aws-login-prod='aws_login --profile <имя prod профиля> --serial-number <ARN Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½ΠΎΠ³ΠΎ устройства> --token-code '

Kugwiritsa:

$ aws-login-dev <ΠΎΠ΄Π½ΠΎΡ€Π°Π·ΠΎΠ²Ρ‹ΠΉ ΠΏΠ°Ρ€ΠΎΠ»ΡŒ>

Ndikukhulupirira kuti malangizowa akuthandizani kupewa kuyendayenda kwanthawi yayitali pamakalata ovomerezeka πŸ˜‰

Source: www.habr.com

Kuwonjezera ndemanga