MFA制限ユーザからAWS APIへリクエストを送る
まずはMFA制限されているユーザーからS3へのputが出来ないことを確認
$ aws s3api put-object --bucket hugahugabuket --key test --body yarn.lock
An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
トークン取得
セッショントークンの発行
$ aws sts get-session-token --serial-number arn:aws:iam::{yourAWSAccountNum}:mfa/{yourUserName} --token-code {yourTokenCodeNow}
{
"Credentials": {
"SecretAccessKey": "seeeeeeeeecreeeeeeet",
"SessionToken": "dummyXdzEHEaDLlHR//cWKN9N6alSyKwAUTtBljrCbQsJAyokX+MmchXOn/FmrDCeRzf+DBWpShOu3WYUdEYBF70ew7DHUrYepLzQZBVcKZwRVpZokPtwu6/xM9S0p67G658auQs1d5K3Nbpqt/+AHX23CGyICXOHeCgjw1fCpkEuqvsdro0Cgx43d+CZ47cT0voIrm3WCZdSZpWyViig4uhw817LUVIEzdDq5KKbO4jTv/uQNGAiBzGVMqrsLnTKrXGxbqebKdtKOa5rc4F",
"Expiration": "2017-01-01T00:00:00Z",
"AccessKeyId": "keyiddddddddddd"
}
}
環境変数に設定
$ export AWS_ACCESS_KEY_ID=keyiddddddddddd
$ export AWS_SECRET_ACCESS_KEY=seeeeeeeeecreeeeeeet
$ export AWS_SESSION_TOKEN=dummyXdzEHEaDLlHR//cWKN9N6alSyKwAUTtBljrCbQsJAyokX+MmchXOn/FmrDCeRzf+DBWpShOu3WYUdEYBF70ew7DHUrYepLzQZBVcKZwRVpZokPtwu6/xM9S0p67G658auQs1d5K3Nbpqt/+AHX23CGyICXOHeCgjw1fCpkEuqvsdro0Cgx43d+CZ47cT0voIrm3WCZdSZpWyViig4uhw817LUVIEzdDq5KKbO4jTv/uQNGAiBzGVMqrsLnTKrXGxbqebKdtKOa5rc4F
MFA制限ユーザからAWS APIへリクエストを送る
$ aws s3api put-object --bucket hugahugabuket --key test --body yarn.lock
{
"ETag": "\"2c641037fc0f3493es507a3d6wa6957d\""
}
成功ー!