<ul>
<li><h2 id="heading-outline">outline</h2>
</li>
</ul>
<blockquote>
Using AWS CLI under MFA, you need session token and temporary AWS Access key and Secret key.
</blockquote>
<ul>
<li><h2 id="heading-how-to">how-to</h2>
</li>
</ul>
<pre><code class="lang-bash"># aws sts get-session-token --duration-seconds 10000 --serial-number "arn:aws:iam::111111111:mfa/mfa_user" --token-code 123456
{
 "Credentials": {
 "AccessKeyId": "ABCDQWEQWEQWEQWE",
 "SecretAccessKey": "YWEesaldkjsadlkgjasgsdgsadgsadgsadgsadg",
 "SessionToken": "sadfsdfsdfsadf/asdfsadfsdfsadfsadf/v//////////sdfgdsfgdfg+dsfgdsfgsdfg/dsfgsdfgsdfg/FG3TNqkzC2gQm6OPMN28y64GOpcBH20CXZNG4+dsfgdsfgsdfgsdfg/sdfgdsfgdsfgdsfg+sdfgsdfgdsfg+sdfgsdfgsdfgdsfg==",
 "Expiration": "2024-02-19T12:12:12+00:00"
 }
}

# export AWS_ACCESS_KEY_ID=ABCDQWEQWEQWEQWE
# export AWS_SECRET_ACCESS_KEY=YWEesaldkjsadlkgjasgsdgsadgsadgsadgsadg
# export AWS_SESSION_TOKEN=sadfsdfsdfsadf/asdfsadfsdfsadfsadf/v//////////sdfgdsfgdfg+dsfgdsfgsdfg/dsfgsdfgsdfg/FG3TNqkzC2gQm6OPMN28y64GOpcBH20CXZNG4+dsfgdsfgsdfgsdfg/sdfgdsfgdsfgdsfg+sdfgsdfgdsfg+sdfgsdfgsdfgdsfg==
</code></pre>
<ul>
<li><h2 id="heading-reference">reference</h2>
</li>
</ul>
<blockquote>
<a target="_blank" href="https://repost.aws/knowledge-center/authenticate-mfa-cli">https://repost.aws/knowledge-center/authenticate-mfa-cli</a>
<a target="_blank" href="https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sts/get-session-token.html">https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sts/get-session-token.html</a>
<a target="_blank" href="https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_access-denied.html">https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_access-denied.html</a>
</blockquote>

* ## outline
    

> Using AWS CLI under MFA, you need session token and temporary AWS Access key and Secret key.

* ## how-to
    

```bash
# aws sts get-session-token --duration-seconds 10000 --serial-number "arn:aws:iam::111111111:mfa/mfa_user" --token-code 123456
{
    "Credentials": {
        "AccessKeyId": "ABCDQWEQWEQWEQWE",
        "SecretAccessKey": "YWEesaldkjsadlkgjasgsdgsadgsadgsadgsadg",
        "SessionToken": "sadfsdfsdfsadf/asdfsadfsdfsadfsadf/v//////////sdfgdsfgdfg+dsfgdsfgsdfg/dsfgsdfgsdfg/FG3TNqkzC2gQm6OPMN28y64GOpcBH20CXZNG4+dsfgdsfgsdfgsdfg/sdfgdsfgdsfgdsfg+sdfgsdfgdsfg+sdfgsdfgsdfgdsfg==",
        "Expiration": "2024-02-19T12:12:12+00:00"
    }
}

# export AWS_ACCESS_KEY_ID=ABCDQWEQWEQWEQWE
# export AWS_SECRET_ACCESS_KEY=YWEesaldkjsadlkgjasgsdgsadgsadgsadgsadg
# export AWS_SESSION_TOKEN=sadfsdfsdfsadf/asdfsadfsdfsadfsadf/v//////////sdfgdsfgdfg+dsfgdsfgsdfg/dsfgsdfgsdfg/FG3TNqkzC2gQm6OPMN28y64GOpcBH20CXZNG4+dsfgdsfgsdfgsdfg/sdfgdsfgdsfgdsfg+sdfgsdfgdsfg+sdfgsdfgsdfgdsfg==
```

* ## reference
    

> [https://repost.aws/knowledge-center/authenticate-mfa-cli](https://repost.aws/knowledge-center/authenticate-mfa-cli)
> 
> [https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sts/get-session-token.html](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sts/get-session-token.html)
> 
> [https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot\_access-denied.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_access-denied.html)

using AWS CLI under MFA

AWS/Security

Jesus, Love, Family, Happy Life, Linux, Cloud, SRE, DevOps Engineer, FinOps, System Engineer, Problem Solver


ktg0210

ktg0210

using AWS CLI under MFA

AWS/Security

outline

how-to

reference