Okulandelayo kuzoba imiyalelo yokusetha i-AWS MFA, bese ufaka futhi ulungise i-AWS CLI.
Ngeshwa, le nqubo eyisibopho yangithatha ingxenye yosuku lwami lokusebenza. Ukuze abanye abasebenzisi be-AWS abangavikelekile 😉, njengami, bangachithi isikhathi esibalulekile kokuncane, nginqume ukuhlanganisa imiyalelo.
Ngisho nezilungiselelo ze-akhawunti ye-sandbox
Isetha i-MFA
- Faka
uhlelo lokusebenza lweselula oluhambisanayo - Iya ku
I-console ye-AWS Imininingwane Yami Yokuphepha -> Yabela idivayisi ye-MFA
- Idivayisi ye-MFA ebonakalayo
- Landela imiyalo esesibukweni
- Idivayisi ebonakalayo isilungile
Ifaka i-AWS CLI
Isetha iphrofayela enegama
Imininingwane Yami Yokuphepha -> Dala ukhiye wokufinyelela
- Kopisha ukhiye ebhodini lakho lokunamathisela. Uzoyidinga esinyathelweni esilandelayo
$ aws configure --profile <your profile name>
I-AWS CLI nge-MFA
- Kopisha idivayisi ebonakalayo ye-ARN
aws sts get-session-token --profile <имя профиля> --serial-number <ARN виртуального устройства> --token-code <одноразовый пароль>
Iphasiwedi yesikhathi esisodwa kufanele ithathwe kuhlelo lokusebenza lweselula olulungiselelwe ngaphambili.- Umyalo uzokhipha i-JSON, izinkambu ezingazodwana okufanele zifakwe endaweni eguquguqukayo ehambisanayo yemvelo AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN
Nginqume ukuzenzela ~/.bash_profile
Ukuze uhlaziye i-JSON, lesi skripthi sidinga
#!/usr/bin/env bash
aws_login() {
session=$(aws sts get-session-token "$@")
echo "${session}"
AWS_ACCESS_KEY_ID=$(echo "${session}" | jq -r '.Credentials.AccessKeyId')
export AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY=$(echo "${session}" | jq -r '.Credentials.SecretAccessKey')
export AWS_SECRET_ACCESS_KEY
AWS_SESSION_TOKEN=$(echo "${session}" | jq -r '.Credentials.SessionToken')
export AWS_SESSION_TOKEN
}
alias aws-login-dev='aws_login --profile <имя dev профиля> --serial-number <ARN виртуального устройства> --token-code '
alias aws-login-prod='aws_login --profile <имя prod профиля> --serial-number <ARN виртуального устройства> --token-code '
Sebenzisa:
$ aws-login-dev <одноразовый пароль>
Ngethemba ukuthi lo myalelo uzokusiza ugweme ukuzulazula isikhathi eside ngemibhalo esemthethweni 😉
Source: www.habr.com