Mateusz Soltysik Blog

On tech, software engineering, life & more.

Seamless 2FA for assume-role

1. Install assume-role

# It seems to be a bit outdated, but I have found no better resource yet.
$ go get -u

2. Install 2FA

$ go get -u

3. Integrate AWS Auth Token with 2FA

# my-aws is an alias for my key generator.
$ 2fa -add my-aws

The program will ask you for the 2FA key for my-aws.
You can obtain the key from the AWS Security Credentials webpage.

Next, we have to generate two consecutive codes and enter them into the form on the AWS website:

$ 2fa my-aws

# Wait until the number changes.

$ 2fa my-aws

4. Create an alias for assume-role

Open your zsh/bash shell config and put in the following line:

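# Generates the token using 2fa and passes it to the assume-role command.
# The anonymous function(){...} form is zsh syntax; in bash, define a named function with the same body instead.
alias assume-role='function(){eval "$(2fa my-aws | command assume-role "$@")";}'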

Restart your shell or run source ~/.zshrc to make the alias work.

5. Example usage

Assume a role and verify that the AWS environment variables are set.

$ env | grep 'AWS'

$ assume-role my-role-name

$ env | grep 'AWS'

$ awk 'BEGIN{for(v in ENVIRON) print v}' | grep 'AWS'
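
The alias in step 4 passes whatever assume-role prints to eval. The sketch below is an added example, not code from the original post or from either tool: it exports only allowlisted variables and never calls eval. The function names, the allowlist (including ASSUMED_ROLE) and the export NAME="VALUE" output format are assumptions.

```shell
# Constructed sample of the assumed output format (placeholder values, not real credentials).
SAMPLE_OUTPUT='export AWS_ACCESS_KEY_ID="ASIAEXAMPLEEXAMPLE00"
export AWS_SECRET_ACCESS_KEY="c2VjcmV0L2V4YW1wbGUrdmFsdWU="
export AWS_SESSION_TOKEN="dG9rZW4vZXhhbXBsZQ=="
# Run this to configure your shell:'

# vet_line LINE: 0 = export it (sets _name/_value), 1 = reject, 2 = blank or comment.
vet_line() {
    case "$1" in
        ""|"#"*) return 2 ;;
        "export "*=\"*\") ;;
        *) return 1 ;;
    esac
    _kv=${1#export }
    _name=${_kv%%=*}
    _value=${_kv#*=\"}
    _value=${_value%\"}
    case "$_name" in   # allowlist: tool output must never set PATH, LD_PRELOAD, ...
        AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY|AWS_SESSION_TOKEN|AWS_SECURITY_TOKEN|ASSUMED_ROLE) ;;
        *) return 1 ;;
    esac
    case "$_value" in
        *[!A-Za-z0-9+/=_.@:-]*) return 1 ;;   # no quotes, $, backticks or spaces
    esac
    return 0
}

# apply_role_exports TEXT: validate every line first, then export; all or nothing.
apply_role_exports() {
    for _pass in check apply; do
        while IFS= read -r _line; do
            _rc=0
            vet_line "$_line" || _rc=$?
            if [ "$_rc" -eq 1 ]; then return 1; fi
            if [ "$_rc" -eq 0 ] && [ "$_pass" = apply ]; then export "$_name=$_value"; fi
        done <<EOF
$1
EOF
    done
}

# Replacement for the step 4 alias (hypothetical name; needs 2fa and assume-role installed).
assume_role_checked() {
    _out=$(2fa my-aws | command assume-role "$@") || return 1
    apply_role_exports "$_out"
}
```

The tool output is passed as an argument rather than piped in, because in bash the last stage of a pipeline runs in a subshell and its exports would be lost.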