I-ProHoster > Блог > Ukuphatha > I-AWS CLI nge-MFA

I-AWS CLI nge-MFA

Okulandelayo kuzoba imiyalelo yokusetha i-AWS MFA, bese ufaka futhi ulungise i-AWS CLI.

Ngeshwa, le nqubo eyisibopho yangithatha ingxenye yosuku lwami lokusebenza. Ukuze abanye abasebenzisi be-AWS abangavikelekile 😉, njengami, bangachithi isikhathi esibalulekile kokuncane, nginqume ukuhlanganisa imiyalelo.

Ngisho nezilungiselelo ze-akhawunti ye-sandbox MFA Lokhu ngokuvamile kuyisidingo esiyisibopho. Kunjalo nakithi.

Isetha i-MFA

  1. Faka uhlelo lokusebenza lweselula oluhambisanayo
  2. Iya ku I-console ye-AWS
  3. Imininingwane Yami Yokuphepha -> Yabela idivayisi ye-MFA
    I-AWS CLI nge-MFA
  4. Idivayisi ye-MFA ebonakalayo
    I-AWS CLI nge-MFA
  5. Landela imiyalo esesibukweni
    I-AWS CLI nge-MFA
    I-AWS CLI nge-MFA
  6. Idivayisi ebonakalayo isilungile
    I-AWS CLI nge-MFA

Ifaka i-AWS CLI

https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html

Isetha iphrofayela enegama

https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html

  1. Imininingwane Yami Yokuphepha -> Dala ukhiye wokufinyelela
    I-AWS CLI nge-MFA
  2. Kopisha ukhiye ebhodini lakho lokunamathisela. Uzoyidinga esinyathelweni esilandelayo
  3. $ aws configure --profile <your profile name>

I-AWS CLI nge-MFA

  1. Kopisha idivayisi ebonakalayo ye-ARN
    I-AWS CLI nge-MFA
  2. aws sts get-session-token --profile <имя профиля> --serial-number <ARN виртуального устройства> --token-code <одноразовый пароль>
    Iphasiwedi yesikhathi esisodwa kufanele ithathwe kuhlelo lokusebenza lweselula olulungiselelwe ngaphambili.
  3. Umyalo uzokhipha i-JSON, izinkambu ezingazodwana okufanele zifakwe endaweni eguquguqukayo ehambisanayo yemvelo AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN

Nginqume ukuzenzela ~/.bash_profile
Ukuze uhlaziye i-JSON, lesi skripthi sidinga jq.

#!/usr/bin/env bash

aws_login() {
    session=$(aws sts get-session-token "$@")
    echo "${session}"
    AWS_ACCESS_KEY_ID=$(echo "${session}" | jq -r '.Credentials.AccessKeyId')
    export AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY=$(echo "${session}" | jq -r '.Credentials.SecretAccessKey')
    export AWS_SECRET_ACCESS_KEY
    AWS_SESSION_TOKEN=$(echo "${session}" | jq -r '.Credentials.SessionToken')
    export AWS_SESSION_TOKEN
}

alias aws-login-dev='aws_login --profile <имя dev профиля> --serial-number <ARN виртуального устройства> --token-code '
alias aws-login-prod='aws_login --profile <имя prod профиля> --serial-number <ARN виртуального устройства> --token-code '

Sebenzisa:

$ aws-login-dev <одноразовый пароль>

Ngethemba ukuthi lo myalelo uzokusiza ugweme ukuzulazula isikhathi eside ngemibhalo esemthethweni 😉

Source: www.habr.com

Engeza amazwana