Using MFA with AWS CLI

One-minute read

MFA on AWS Cli


Just writing down the steps ive been manually taken for updating my credentials to use ecr in aws from the cli.

  1. Check authy on phone and write down code
  2. Check arn from aws and write that down
  3. Issue this command aws sts get-session-token --serial-number <arn here> --token-code <authy code>
  4. Take those values and plop the into ~/.aws/credentials
  5. Ensure the profile is [mfa]
  6. Convert the json to the toml keys
    1. “SecretAccessKey”: aws_secret_access_key
    2. “SessionToken”: aws_session_token
    3. “AccessKeyId”: aws_access_key_id
  7. Issue the command aws ecr get-login --profile mfa
  8. ecr above can be replaced with any service