GitLocker: The Coding Marketplace

Description:

AutoAWSMFA 0.0.4

Auto AWS MFA
Auto AWS MFA (autoawsmfa) is a script for managing AWS Session tokens enabled with MFA, this can also be used to generate MFA tokens for other applications that provides secret key while configuring MFA.
Installation
Requirements
autoawsmfa is built using the botocore & boto3 library and Python 3.5+. Python 2 is not supported. autoawsmfa
also requires keyring, pyotp and pyperclip (available on pip).
Installation from Pip
pip install AutoAWSMFA

Installation From Source Code
Clone the repository:
git clone git@github.com:pmadhyasta/autoawsmfa.git

Then install with Pip:
cd autoawsmfa
pip install .

Usage
usage: autoawsmfa [-h] [-v] [-p PROFILE] [--credential-path CREDENTIAL_PATH] [--arn ARN] {mfa,session} ...

Auto update your AWS CLI MFA session token

optional arguments:
-h, --help show this help message and exit
-v, --version show the version number and exit
-p PROFILE, --profile PROFILE
AWS profile to store the session token. Default looks for "AWS_PROFILE"
--credential-path CREDENTIAL_PATH
path to the aws credentials file
--arn ARN AWS ARN from the IAM console (Security credentials -> Assigned MFA device). This is saved to your .aws/credentials file

subcommand:
The subcommand to use among this suite of tools

{mfa,session} Select a subcommand to execute
mfa Add MFA secret configuration key or get a token for registered MFA secret
session Start AWS CLI MFA session, use stored token or provide custom token "--custom-token"

Manage MFA
Add Secret
Add a new MFA secret to a specific AWS Profile
autoawsmfa --profile <profile name> mfa --add-secrete

Profile name should exist in '~/.aws/credentials' for posix or in '%UserProfile%.aws\credentials' fot NT/windows
Get Secret
Get MFA token from earlier added secret, token copied to clipboard to be used to login to AWS Console
autoawsmfa --profile <profile name> mfa --get-token

If the secret is not added earlier for the specified profile, it will prompt to add secret
Delete Secret
Delete secret from keyring
autoawsmfa --profile <profile name> mfa --del-secret

Optional arguments that can be used
usage: autoawsmfa mfa [-h] (--add-secret | --get-token | --del-secret) [--non-aws]

Manage MFA

optional arguments:
-h, --help show this help message and exit
--add-secret Add MFA secret configuration key and genereate session tokens
--get-token Display token, valid for 30 sec. Token added to clipboard to be used for GUI console login
--del-secret Delete stored secret
--non-aws Store non aws secret and generate MFA token

Non AWS MFA
This can be used to register the non AWS secrets such as OKTA or any thirdparty MFA enabled application.
This option prompts for application name and user name to register and retrieve token. You shoud make a note of application name and user name while registring as currently there is no option to list view the secrets stored.
autoawsmfa mfa --non-aws --get-token

Manage AWS Session
Start session
Start the session for MFA secret registered profile
autoawsmfa --profile <profile name> session --start

Optional arguments can be given for duration and if a third party MFA device token should be used
usage: autoawsmfa session [-h] --start [--duration DURATION] [--custom-token CUSTOM_TOKEN]

Manage AMS CLI MFA session

optional arguments:
-h, --help show this help message and exit
--start Start AWS MFA session for the selected profile
--duration DURATION Specify session token duration in minutes before it expires. Duration limitation as per AWS is
minimum 15 and maximum 720 minutes, default is 720 minutes/12 Hrs
--custom-token CUSTOM_TOKEN
Provide 6 digit token from your MFA devices