awscli mfaの使い方
概要
- AWSでMFAを有効化した際に、awscliでMFAを使う方法
MFAの設定
- AWSのIAMコンソールでMFAを有効化
awscliの設定
hogeとhoge-long-termという2つのプロファイルを設定する
.aws/config
[hoge]
region = ap-northeast-1
output = json
[hoge-long-term]
region = ap-northeast-1
output = json
.aws/credentials
[hoge]
(自動生成される)
[hoge-long-term]
[exidea-long-term]
aws_access_key_id = ***********
aws_secret_access_key = ************
aws_mfa_device = arn:aws:iam::*************:mfa/********* # MFAデバイスのARNを指定
aws-mfa を利用した認証
$ export AWS_PROFILE=hoge
$ pipx run aws-mfa --force
INFO - Validating credentials for profile: exidea
INFO - Forcing refresh of credentials.
Enter AWS MFA code for device [arn:aws:iam::************:mfa/*********] (renewing for 43200 seconds): <MFAコードを入力>
INFO - Fetching Credentials - Profile: exidea, Duration: 43200
INFO - Success! Your credentials will expire in 43200 seconds at: 2025-07-10 17:34:06+00:00