AWth (pronounced Awe-th) is yet another CLI tool for authenticating to multiple AWS accounts using MFA. It's a fork/significant rewrite of [elastic/aws-mfa](https://github.com/elastic/aws-mfa) which is a fork of [broamski/aws-mfa](https://github.com/broamski/aws-mfa) which itself uses the boto4 library to authenticate to AWS.
6
+
7
+
8
+
## original aws-mfa intro while we continue to update this code base
4
9
**aws-mfa** makes it easy to manage your AWS SDK Security Credentials when Multi-Factor Authentication (MFA) is enforced on your AWS account. It automates the process of obtaining temporary credentials from the [AWS Security Token Service](http://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html) and updating your [AWS Credentials](https://blogs.aws.amazon.com/security/post/Tx3D6U6WSFGOK2H/A-New-and-Standardized-Way-to-Manage-Credentials-in-the-AWS-SDKs) file (located at `~/.aws/credentials`). Traditional methods of managing MFA-based credentials requires users to write their own bespoke scripts/wrappers to fetch temporary credentials from STS and often times manually update their AWS credentials file.
5
10
6
11
The concept behind **aws-mfa** is that there are 2 types of credentials:
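Review bot: "boto4 library" in the added intro line looks like a typo; the AWS SDK for Python is boto3, so the sentence should name boto3. The added heading `## original aws-mfa intro while we continue to update this code base` is level 2 and lower-case, while the headings added further down in this commit are level 1 (`# Installation`), so the original intro ends up nested above the sections that belong to it; pick one hierarchy.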
@@ -13,21 +18,17 @@ The concept behind **aws-mfa** is that there are 2 types of credentials:
13
18
If you haven't yet enabled multi-factor authentication for AWS API access, check out the [AWS article](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_configure-api-require.html) on doing so.
14
19
15
20
16
-
Installation:
17
-
-------------
18
-
Option 1
19
-
```sh
20
-
$ pip install aws-mfa
21
-
```
21
+
# Installation
22
22
23
-
Option 2
24
-
```sh
25
-
1. Clone this repo
26
-
2. $ python setup.py install
23
+
I highly recommend you use [pipx] for installation:
24
+
25
+
```bash
26
+
pipx install awth
27
27
```
28
28
29
-
Credentials File Setup
30
-
----------------------
29
+
30
+
# Credentials File Setup
31
+
31
32
32
33
By default long term credentials are stored in system keychain (using [keyring library](https://pypi.org/project/keyring/)), only short term credentials are stored in `~/.aws/credentials`.
33
34
It is possible to not use system keychain to store and retrieve long term credentials by running __aws-mfa__ with the `--no-keychain` command line flag. When using the `--no-keychain` flag, long term credentials are stored in and retrieved from `~/.aws/credentials`_(NOT RECOMMENDED)_.
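Review bot: The added line `I highly recommend you use [pipx] for installation:` uses a reference-style link, and no `[pipx]: <url>` definition appears in the visible hunks, so unless one exists elsewhere in the README it will render as literal bracket text. Installation now uses `pipx install awth`, but the unchanged lines directly below still tell readers to run `aws-mfa` with `--no-keychain`; say which command name is correct after the fork, because this paragraph decides whether long term credentials land in the keychain or in `~/.aws/credentials`. The hunk also drops both previous install options without a replacement for users who do not have pipx.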
@@ -156,7 +157,7 @@ Usage
156
157
To identify the long term credential section by
157
158
[<profile_name>-LONG_TERM_SUFFIX]. Use 'none' to
158
159
identify the long term credential section by
159
-
[<profile_name>]. Omit to identify the long term
160
+
[<profile_name>]. Omit to identify the long term
160
161
credential section by [<profile_name>-long-term].
161
162
--short-term-suffix SHORT_TERM_SUFFIX
162
163
To identify the short term credential section by
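Review bot: The removed and added lines at 159/160 (`[<profile_name>]. Omit to identify the long term`) read identically, so this appears to be a whitespace-only change inside the pasted usage output. If it is trailing-whitespace cleanup, consider keeping it out of a commit that also changes content, and confirm the usage block still matches what the renamed tool prints, since the surrounding help text is hand-copied.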
@@ -284,7 +285,7 @@ INFO - Your credentials have expired, renewing.
284
285
Enter AWS MFA code for device [arn:aws:iam::111111111111:mfa/me] (renewing for 3600 seconds):123456
285
286
INFO - Success! Your credentials will expire in 3600 seconds at: 2017-07-10 07:16:43+00:00