設定

パッケージインストール

1$ pip install boto3

update_credentials.py

1import boto3
2import configparser
3import os
4
5def update_aws_credentials(profile_name, access_key, secret_key, session_token):
6    config = configparser.ConfigParser()
7    aws_credentials_path = os.path.expanduser('~/.aws/credentials')
8    config.read(aws_credentials_path)
9
10    if profile_name not in config.sections():
11        config.add_section(profile_name)
12
13    config.set(profile_name, 'aws_access_key_id', access_key)
14    config.set(profile_name, 'aws_secret_access_key', secret_key)
15    config.set(profile_name, 'aws_session_token', session_token)
16
17    with open(aws_credentials_path, 'w') as configfile:
18        config.write(configfile)
19
20def get_aws_credentials(aws_access_key_id, aws_secret_access_key, mfa):
21    sts_client = boto3.client('sts', aws_access_key_id=aws_access_key_id, aws_secret_access_key=aws_secret_access_key)
22
23    code = input('### input MFA code ###: ')
24    response = sts_client.get_session_token(
25        DurationSeconds = 129600,
26        SerialNumber = mfa,
27        TokenCode = code
28    )
29    return response
30
31try:
32    # 払い出したアクセスキーとシークレットキーを設定
33    AWS_ACCESS_KEY_ID = 'AKASDEQQ...'
34    AWS_SECRET_ACCESS_KEY = 'LO/mL5g1lq...'
35    # 設定したMFAデバイスのarnを指定
36    MFA = 'arn:aws:iam::1234567890:mfa/hoge'
37    # プロファイル名
38    PROFILE = 'hoge'
39
40    credentials = get_aws_credentials(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, MFA)
41    AccessKeyId = credentials['Credentials']['AccessKeyId']
42    SecretAccessKey = credentials['Credentials']['SecretAccessKey']
43    SessionToken = credentials['Credentials']['SessionToken']
44    # 第一引数に上書きしたいプロファイル名を指定。指定したプロファイル名がない場合は作成します
45    update_aws_credentials(PROFILE, AccessKeyId, SecretAccessKey, SessionToken)
46    print("aws credentials update Successful.")
47except Exception as e:
48    print(e)
49

使い方

1$ python update_credentials.py
2
3### input MFA code ###: MFAのコード入れる