Mateusz Soltysik Blog

On tech, software engineering, life & more.

Seamless 2FA for assume-role

1. Install assume-role

# It seems to be a bit outdated, but I have found no better resource yet.
$ go get -u github.com/remind101/assume-role

2. Install 2FA

$ go get -u rsc.io/2fa

3. Integrate AWS Auth Token with 2FA

# my-aws is an alias for my key generator.
$ 2fa -add my-aws

The program will ask you for the 2fa key for my-aws.
You can obtain the key from the AWS Security Credentials webpage.

Next, we have to generate two consecutive keys and enter them into the form on the AWS website:

$ 2fa my-aws
012345

# Wait until the number changes.

$ 2fa my-aws
456789

4. Create an alias for assume-role

Open your zsh/bash shell config and put in the following line:

# Generates the token using 2fa and passes it to the assume-role command.
alias assume-role='function(){eval $(2fa my-aws | command assume-role $@);}'

Restart your shell or run source ~/.zshrc to make the alias work.

5. Example usage

Assume a role and verify that the AWS environment variables are set.

# grep -c prints the number of matching lines.
$ env | grep -c 'AWS'
0

$ assume-role my-role-name

$ env | grep -c 'AWS'
4

$ awk 'BEGIN{for(v in ENVIRON) print v}' | grep 'AWS'

AWS_SECURITY_TOKEN
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_SESSION_TOKEN
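
A more defensive variant of the step 4 alias, as an added example that is not part of the original post: it checks that 2fa returned a six-digit code and passes only AWS_* export lines to eval instead of evaluating everything assume-role prints. The function names (is_totp_code, filter_exports, assume_role_mfa) are hypothetical, the export line format of assume-role is an assumption, and SAMPLE_OUTPUT is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: assume-role prints
# lines shaped like  export AWS_ACCESS_KEY_ID="..."  on stdout.

# Succeed only for exactly six digits, the code shape shown in step 3.
is_totp_code() {
    case "$1" in
        [0-9][0-9][0-9][0-9][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Pass through only AWS_* export lines whose value is base64-alphabet text.
# Comments, other commands and shell metacharacters are dropped.
filter_exports() {
    grep -E '^export AWS_[A-Z_]+=("[A-Za-z0-9+/=]+"|[A-Za-z0-9+/=]+)$'
}

# Hypothetical wrapper name, chosen so it does not shadow the assume-role binary.
assume_role_mfa() {
    _code=$(2fa my-aws) || return 1
    if ! is_totp_code "$_code"; then
        echo "2fa did not return a 6-digit code" >&2
        unset _code
        return 1
    fi
    _exports=$(printf '%s\n' "$_code" | command assume-role "$@" | filter_exports)
    unset _code
    if [ -z "$_exports" ]; then
        echo "assume-role returned no credential exports" >&2
        return 1
    fi
    eval "$_exports"
    unset _exports
}

# Constructed sample of tool output, including lines that must not reach eval.
SAMPLE_OUTPUT='export AWS_ACCESS_KEY_ID="ASIACONSTRUCTED0001"
export AWS_SECRET_ACCESS_KEY="c2FtcGxlL3NlY3JldCtrZXk="
export AWS_SESSION_TOKEN="$(echo injected)"
# Run this to configure your shell:
echo unexpected'
```

Put the three functions in the shell config in place of the alias and call assume_role_mfa my-role-name.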