Refreshing Temporary Credentials in an AWS CLI Profile
ACM.235 Refresh credentials associated with a cross-account role AWS CLI profile that requires MFA
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
⚙️ Check out my series on Automating Cybersecurity Metrics | Code.
🔒 Related Stories: AWS Security | Application Security
💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In the last post I wrote about protecting git repositories using protected branches and rulesets.
I’ve been writing in between other things about functions I wrote for role assumptions using the AWS CLI. One method was to obtain temporary credentials and create a new AWS CLI profile to use them with AWS CLI commands.
I use those commands in scripts to deploy stacks of resources where I create the profile and then run a bunch of commands. But I found myself wanting to run one-off commands here and there and the credentials had expired.
Rather than run my whole script again I ended up writing a script to leverage my functions to refresh the role when needed.
Here’s what my script looks like and this shows you a clearer example of how to use my functions to create an AWS CLI profile for a cross-account role that requires MFA.
I intend to try to keep making this simpler. I have some other ideas hopefully I’ll get around to later and hopefully more Okta testing. But for now, I need to get some other things done for an AWS pentest!
Follow for updates.
Teri Radichel | © 2nd Sight Lab 2023
About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight LabNeed Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for PresentationFollow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab