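<#
.SYNOPSIS
Sign in to AWS CLI using MFA for the configured profile of an IAM user.
.PARAMETER Account
Your 12-digit AWS account number, default is $env:AWS_ACCOUNT.
.PARAMETER Code
The current code from your MFA device, e.g. Microsoft Authenticator
.PARAMETER Device
The name of your IAM MFA device, default is $env:AWS_DEVICE.
This can be found under your IAM user, security credentials tab, in the MFA section;
it is the last part of the device identifier arn.
It should also be visible in your MFA app, the part before the '@'
.PARAMETER Profile
Your configured AWS profile name, default is $env:AWS_PROFILE.
.DESCRIPTION
This requires only a simple profile in your .aws/config such as
[profile my-profile-name]
region = us-east-1
output = json

On success the temporary credentials returned by STS are exported into
AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN of the current
process. Any value not given as a parameter is prompted for, falling back to
the matching environment variable; an empty answer aborts with exit code 0.
A failed STS call exits with code 1.
#>
param(
  [string] $Account,
  [string] $Device,
  # NOTE: this shadows PowerShell's automatic $PROFILE for the duration of the
  # script; the name is kept for backward compatibility with existing callers.
  [string] $Profile,
  [string] $Code
)
Begin
{
  # Return $Value if set, otherwise prompt for it and fall back to $Default.
  # An answer that is still empty/whitespace ends the script with exit code 0.
  function Resolve-Value([string] $Value, [string] $Prompt, [string] $Default)
  {
    if ($Value) { return $Value }
    $Value = Read-Host -Prompt $Prompt
    if ([String]::IsNullOrWhiteSpace($Value)) { $Value = $Default }
    if ([String]::IsNullOrWhiteSpace($Value)) { exit 0 }
    return $Value
  }

  # Exchange the profile's long-lived credentials plus an MFA code for temporary
  # session credentials and export them into the process environment.
  # Returns $true on success, $false when the aws CLI reports an error.
  function Login
  {
    $serial = "arn:aws:iam::${Account}:mfa/${Device}"
    # The token code has to go on the command line (the CLI accepts it no other
    # way); it is single-use and short-lived, unlike the resulting credentials.
    $json = (aws sts get-session-token `
      --serial-number $serial `
      --token-code $Code --profile $Profile)
    if ($LASTEXITCODE -ne 0)
    {
      # aws writes its diagnostics to stderr, which passes straight through to
      # the console; $json only holds whatever (if anything) reached stdout.
      Write-Host 'Error getting session' -ForegroundColor Red
      if ($json) { Write-Host $json }
      return $false
    }
    $credentials = ($json | ConvertFrom-Json).Credentials
    $env:AWS_ACCESS_KEY_ID = $credentials.AccessKeyId
    $env:AWS_SECRET_ACCESS_KEY = $credentials.SecretAccessKey
    $env:AWS_SESSION_TOKEN = $credentials.SessionToken
    # Expiration carries a UTC offset, so Parse yields a local-time DateTime
    # that can be compared with [DateTime]::Now directly.
    $delta = [DateTime]::Parse($credentials.Expiration) - [DateTime]::Now
    # TotalHours rather than Hours: a session longer than 24h (DurationSeconds
    # may be raised up to 36h) would otherwise drop the day part.
    $hours = [int][Math]::Floor($delta.TotalHours)
    Write-Host
    Write-Host "Successfully connected, session expires in ${hours}h $($delta.Minutes)m" -ForegroundColor Green
    return $true
  }
}
Process
{
  $Account = Resolve-Value $Account "... AWS account # [$env:AWS_ACCOUNT]" $env:AWS_ACCOUNT
  # The account number is interpolated into the MFA serial ARN; reject anything
  # that is not a 12-digit account id rather than sending a malformed ARN.
  if ($Account -notmatch '^\d{12}$')
  {
    Write-Host "Invalid AWS account number '$Account' (expected 12 digits)" -ForegroundColor Red
    exit 1
  }
  $Profile = Resolve-Value $Profile "... AWS profile [$env:AWS_PROFILE]" $env:AWS_PROFILE
  $Device = Resolve-Value $Device "... MFA device [$env:AWS_DEVICE]" $env:AWS_DEVICE
  # There is no environment fallback for the MFA code; it must be typed fresh.
  $Code = Resolve-Value $Code '... MFA code' $null
  if (-not (Login)) { exit 1 }
}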