Security News
Opengrep Emerges as Open Source Alternative Amid Semgrep Licensing Controversy
Opengrep forks Semgrep to preserve open source SAST in response to controversial licensing changes.
By Sarah Gooding - Jan 28, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
- Maintainers
- 1
AWS CLI MFA
Developed by Ajeet Yadav
Example of How To Use
# Setup ARN and profile name
cli-aws-mfa init
# Refresh Session Token
cli-aws-mfa refresh
Policy Used for CLI MFA
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "MustBeSignedInWithMFA",
"Effect": "Deny",
"NotAction": [
"iam:CreateVirtualMFADevice",
"iam:DeleteVirtualMFADevice",
"iam:ListVirtualMFADevices",
"iam:EnableMFADevice",
"iam:ResyncMFADevice",
"iam:ListAccountAliases",
"iam:ListUsers",
"iam:ListSSHPublicKeys",
"iam:ListAccessKeys",
"iam:ListServiceSpecificCredentials",
"iam:ListMFADevices",
"iam:GetAccountSummary",
"sts:GetSessionToken"
],
"Resource": "*",
"Condition": {
"BoolIfExists": {
"aws:MultiFactorAuthPresent": "false"
}
}
}
]
}
Here's a brief summary of the methods in this class:
__init__(self, profile_name="mfa-user", mfa_arn=None): Initializes a newMFAinstance with the specified profile name and MFA ARN (Amazon Resource Name).set_mfa_token(self, token): Sets the MFA token for the instance.set_mfa_arn(self, arn): Sets the MFA ARN for the instance.authenticate(self): Authenticates with AWS using the specified MFA ARN and token, and returns a set of temporary credentials.set_credential(self, credentials): Sets the AWS credentials for the specified profile name using the temporary credentials returned byauthenticate().check_mfa_arn_file(self): Checks if the MFA ARN file exists in the AWS configuration directory.check_mfa_profile_file(self): Checks if the profile file exists in the AWS configuration directory.get_arn_from_file(self): Reads the MFA ARN from the MFA ARN file in the AWS configuration directory.get_profile_from_file(self): Reads the profile name from the profile file in the AWS configuration directory.validate_session(self): Validates the session for the specified profile name and prints an error message if any of the AWS access keys are not set.
Here's some documentation for each of the methods in this class:
__init__(self, profile_name="mfa-user", mfa_arn=None): This is the constructor for theMFAclass. It initializes a new instance with the specified profile name and MFA ARN. If no profile name is specified, the default profile name is "mfa-user". If no MFA ARN is specified, it is set toNone.set_mfa_token(self, token): This method sets the MFA token for the instance.set_mfa_arn(self, arn): This method sets the MFA ARN for the instance.authenticate(self): This method authenticates with AWS using the specified MFA ARN and token. It returns a set of temporary credentials that can be used to access AWS resources.set_credential(self, credentials): This method sets the AWS credentials for the specified profile name using the temporary credentials returned byauthenticate(). It writes the credentials to the AWS credentials file in the user's home directory.check_mfa_arn_file(self): This method checks if the MFA ARN file exists in the AWS configuration directory. If the file exists, it returnsTrue. Otherwise, it returnsFalse.check_mfa_profile_file(self): This method checks if the profile file exists in the AWS configuration directory. If the file exists, it returnsTrue. Otherwise, it returnsFalse.get_arn_from_file(self): This method reads the MFA ARN from the MFA ARN file in the AWS configuration directory. It returns the MFA ARN as a string.get_profile_from_file(self): This method reads the profile name from the profile file in the AWS configuration directory. If the file exists, it returns the profile name as a string. Otherwise, it returns the default profile name ("mfa-user").validate_session(self): This method validates the session for the specified profile name. If any of the AWS access keys are not set, it prints an error message. Otherwise, it prints a message
FAQs
AWS CLI MFA - Easily Manage Session Token
We found that cli-aws-mfa demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
By Sarah Gooding - Jan 24, 2025
Security News
cURL Project and Go Security Teams Reject CVSS as Broken
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
By Sarah Gooding - Jan 24, 2025