Passing MFA Authentication for Multiple Accounts with AWS Vault
What is AWS Vault?
AWS Vault is a tool that provides a mechanism for securely storing IAM credentials (Access Key Id, Secret Access Key) in your OS keystore and accessing them.
True to its name (Vault = a safe),
it gives you a setup where your secret information is unlikely to leak even if you lose your PC.
The Goal This Time
I want to use AWS Vault to make console login for multiple accounts easy.
When you receive AWS IAM credentials, I imagine MFA is configured.
This is done to manage accounts securely through device authentication.
In that case, you install an app like the one below
and set up a mechanism that authenticates with a 6-digit number that refreshes every minute.
Whether MFA is required depends on your company’s development policy, but it’s a mechanism that does no harm to have in place.
However, copying and pasting a 6-digit number every time is a hassle.
So I set things up to pass authentication more simply.
Installing aws-vault
```
# macOS (older Homebrew releases used: brew cask install aws-vault)
brew install --cask aws-vault
```
Setting Up a profile
```
aws-vault add <profile>
```
Prerequisites
```
brew tap peco/peco
```
bash Configuration
Add the following to your .bashrc, .zshrc, or similar.
```
function peco-login-aws-account() {
```
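The function above survives on this page only as its first line. As an added example (not the author's code), here is one way to provide the `avl` and `ave` commands used under How to Use. It assumes peco and aws-vault are on PATH and that profile names can be read from `~/.aws/config` (or `$AWS_CONFIG_FILE`); the helper names `aws_vault_profiles` and `aws_vault_pick` are hypothetical.

```shell
# Added example for .bashrc / .zshrc; not the original post's function.
# Assumes peco and aws-vault are installed and on PATH.

# Print the profile names found in the AWS config file, one per line.
# Only section headers are read; no key or secret ever passes through here.
aws_vault_profiles() {
  sed -n -e 's/^\[profile[[:space:]]\{1,\}\(.*\)\][[:space:]]*$/\1/p' \
         -e 's/^\[default\][[:space:]]*$/default/p' \
    "${AWS_CONFIG_FILE:-$HOME/.aws/config}"
}

# Let the user pick one profile with peco.
# Fails when the picker is cancelled or returns nothing.
aws_vault_pick() {
  local profile
  profile=$(aws_vault_profiles | peco --prompt 'AWS profile>') || return 1
  [ -n "$profile" ] || return 1
  printf '%s\n' "$profile"
}

# avl: pick a profile, then open the AWS console for it.
avl() {
  local profile
  profile=$(aws_vault_pick) || return 1
  aws-vault login "$profile"
}

# ave <command> [args...]: pick a profile, then run the command with
# that profile's credentials. Everything after "--" is passed through
# as separate arguments, so nothing is re-parsed by the shell.
ave() {
  local profile
  if [ "$#" -eq 0 ]; then
    echo "usage: ave <command> [args...]" >&2
    return 2
  fi
  profile=$(aws_vault_pick) || return 1
  aws-vault exec "$profile" -- "$@"
}
```

Because the secrets stay in the OS keystore, the only thing this wrapper reads from disk is the list of profile names.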
How to Use
- Select a configured profile and log in
```
avl
```
- Select a configured profile and execute a command
```
ave
```
The actual commands were content I’d rather not record and show, so I couldn’t paste them. Sorry!
Please give it a try and see how it feels ♪
Having to enter a password every time is a bit painful,
but compared to the hassle of MFA it’s far easier.
I don’t think this is really what AWS Vault was intended for,
but if it makes life easier, then it’s all good ♪

