token-mfaauth-create

token-mfaauth-create

Attempts to get valid AWS session credentials using MFA based authentication

Internal but useful for troubleshooting

This AXE command is used internally to load identity profiles which are then used to request API access. Generally only useful when troubleshooting issues with MFA

Command

1
2
3
4
5
Basic script to provide AWS Session Tokens

Usage:
    axe-token-mfaauth-create <access_key> <secret_key> <mfa_serial_number> <mfa_token> [ --debug ]
    axe-token-mfaauth-create ( -h | --help )

Example Usage

Simple

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
$ axe token-mfaauth-create 'AKIAILA5HGSTJGH4W3QQ' '455322222JJWjsikcS1VAQXItEV0sd+34AmZv9E9bW' 'arn:aws:iam::123456789021:mfa/iamamfauser' 039743
2017-01-11 13:28:40,543 DEBUG Requesting credentials
2017-01-11 14:30:42,230 DEBUG command-line options: <role_arn>: arn:aws:iam::123456789021:role/aws_developer
2017-01-11 14:30:42,231 DEBUG command-line options: <mfa_token>: 039743
2017-01-11 14:30:42,231 DEBUG command-line options: -h: False
2017-01-11 14:30:42,231 DEBUG command-line options: <secret_key>: 455322222JJWjsikcS1VAQXItEV0sd+34AmZv9E9bW
2017-01-11 14:30:42,231 DEBUG command-line options: <mfa_serial_number>: arn:aws:iam::123456789021:mfa/iamamfauser
2017-01-11 14:30:42,231 DEBUG command-line options: --debug: True
2017-01-11 14:30:42,231 DEBUG command-line options: <access_key>: AKIAILA5HGSTJGH4W3QQ
2017-01-11 14:30:42,231 DEBUG command-line options: --help: False
2017-01-11 14:30:42,240 DEBUG Role ARN provided. Attempting to assume role

Notes

  • The default STS token validity is one hour (3600 seconds) and is currently set by AWS