MFA
Stian Kristoffersen edited this page Mar 4, 2019
·
2 revisions
When assuming a role it might require MFA. Just like the AWS CLI, the Strongbox CLI will prompt you for the MFA token if it has been configured in your ~/.aws/credentials file. Strongbox will write the session to ~/.aws/cli/cache/ in a format compatible with the AWS CLI. This means that the AWS CLI and the Strongbox CLI can be used interchangeably with the same assumed session, regardless of which CLI was used to start the session.
Example ~/.aws/credentials file:
[default]
aws_access_key_id = ...
aws_secret_access_key = ...
[my-mfa-protected-profile]
source_profile = default
role_arn = arn:aws:iam::12345678910:role/role-to-assume
mfa_serial = arn:aws:iam::12345678910:mfa/user
Strongbox is then called with the --profile flag as follows
strongbox --profile my-mfa-protected-profile group list