I've been working on some projects which require MFA for all access, including for CLI access and things like using
kubectl with Amazon EKS. One super-annoying aspect of requiring MFA for CLI operations is that every day or so, you have to update your STS access token—and also for that token to work you have to update an AWS profile's Access Key ID and Secret Access Key.
I had a little bash function that would allow me to input a token code from my MFA device and it would spit out the values to put into my
.aws/credentials file, but it was still tiring copying and pasting three values every single morning.
So I wrote a neat little executable Ansible playbook which does everything for me:
To use it, you can download the contents of that file to
/usr/local/bin/aws-sts-token, make the file executable (
chmod +x /usr/local/bin/aws-sts-token), and run the command: