ProHoster > Ibhulogi > Ulawulo > AWS CLI ngeMFA

AWS CLI ngeMFA

Okulandelayo kuya kuba yimiyalelo yokuseta i-AWS MFA, kwaye emva koko ufake kwaye uqwalasele i-AWS CLI.

Ngelishwa, le nkqubo inyanzelekileyo yandithatha isiqingatha sosuku lwam lokusebenza. Ukuze abanye abasebenzisi be-AWS abangakhuselekanga πŸ˜‰, njengam, bangachithi ixesha elixabisekileyo kwinto engenamsebenzi, ndigqibe ekubeni ndiqulunqe imiyalelo.

Nokuba kuseto lweakhawunti yesanti Ukongezwa kweMFA Oku kudla ngokuba yimfuneko enyanzelekileyo. Kunjalo ke nakuthi.

Ukumisela i-MFA

  1. Faka ifayile app ehambelanayo mobile
  2. Yiya ku AWS console
  3. IiNkcazo zam zoKhuseleko -> Yabela isixhobo seMFA
    AWS CLI ngeMFA
  4. Isixhobo seMFA esibonakalayo
    AWS CLI ngeMFA
  5. Landela imiyalelo ekwiskrini
    AWS CLI ngeMFA
    AWS CLI ngeMFA
  6. Isixhobo esibonakalayo silungile
    AWS CLI ngeMFA

Ukufakela i-AWS CLI

https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html

Ukumisela iprofayile enegama

https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html

  1. IiNkcazo zam zoKhuseleko -> Yenza iqhosha lokufikelela
    AWS CLI ngeMFA
  2. Khuphela isitshixo kwibhodi eqhotyoshwayo. Uya kuyidinga kwinyathelo elilandelayo
  3. $ aws configure --profile <your profile name>

AWS CLI ngeMFA

  1. Khuphela isixhobo esibonakalayo se-ARN
    AWS CLI ngeMFA
  2. aws sts get-session-token --profile <имя профиля> --serial-number <ARN Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½ΠΎΠ³ΠΎ устройства> --token-code <ΠΎΠ΄Π½ΠΎΡ€Π°Π·ΠΎΠ²Ρ‹ΠΉ ΠΏΠ°Ρ€ΠΎΠ»ΡŒ>
    Igama lokugqitha lexesha elinye kufuneka lithathwe kwisicelo esiphathwayo esiqwalaselwe kwangaphambili.
  3. Umyalelo uya kukhupha i-JSON, imihlaba nganye ekufuneka ifakwe endaweni yayo kwindawo ehambelanayo variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN

Ndagqiba ekubeni ndizenzele ~/.bash_profile
Ukwahlula i-JSON, esi script sifuna jq.

#!/usr/bin/env bash

aws_login() {
    session=$(aws sts get-session-token "$@")
    echo "${session}"
    AWS_ACCESS_KEY_ID=$(echo "${session}" | jq -r '.Credentials.AccessKeyId')
    export AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY=$(echo "${session}" | jq -r '.Credentials.SecretAccessKey')
    export AWS_SECRET_ACCESS_KEY
    AWS_SESSION_TOKEN=$(echo "${session}" | jq -r '.Credentials.SessionToken')
    export AWS_SESSION_TOKEN
}

alias aws-login-dev='aws_login --profile <имя dev профиля> --serial-number <ARN Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½ΠΎΠ³ΠΎ устройства> --token-code '
alias aws-login-prod='aws_login --profile <имя prod профиля> --serial-number <ARN Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½ΠΎΠ³ΠΎ устройства> --token-code '

Sebenzisa:

$ aws-login-dev <ΠΎΠ΄Π½ΠΎΡ€Π°Π·ΠΎΠ²Ρ‹ΠΉ ΠΏΠ°Ρ€ΠΎΠ»ΡŒ>

Ndiyathemba ukuba lo myalelo uya kukunceda uphephe ukuzulazula ixesha elide kumaxwebhu asemthethweni πŸ˜‰

umthombo: www.habr.com

Yongeza izimvo