
How to assume a role on target account from login account using MFA Code?

Step 1: Run the following command and get the temporary credentials.

aws sts assume-role \
--role-arn arn:aws:iam::<TargetAccountId>:role/<RoleName> \
--role-session-name <RoleName> \
--serial-number arn:aws:iam::<LoginAccountId>:mfa/<LoginName> \
--token-code <6DigitMFACode>

Step 2: The temporary credentials include the following:
  • AccessKeyId
  • SecretAccessKey
  • SessionToken
  • Expiration date and time (this token is valid for 1 hour by default)
Copy these values and create a profile in the %USERPROFILE%\.aws\credentials file as follows:

[PROFILE_NAME]
aws_access_key_id = <AccessKeyId>
aws_secret_access_key = <SecretAccessKey>
aws_session_token = <SessionToken>

Step 3: You can now run commands as <RoleName> in account <TargetAccountId> by selecting this profile (for example, with --profile PROFILE_NAME). When the credentials expire, repeat Step 1 and replace the values in the profile.
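The three steps above, scripted. This is an added example, not a script from the original post: it runs the same aws sts assume-role call (with --query and --output text so the CLI prints the four credential fields on one tab-separated line), renders those fields as a credentials-file profile, and refuses output that does not look like a temporary credential. The profile name, ARNs and sample credential values are constructed placeholders; the script assumes AWS CLI v2 on PATH and works offline on the embedded sample when run without arguments.

```shell
#!/bin/sh
# Added example (not the blog author's code). Wraps: assume-role with MFA,
# capture the temporary credentials, emit a [PROFILE] section for
# ~/.aws/credentials or %USERPROFILE%\.aws\credentials.

# Step 1: call STS. --query/--output text yields one tab-separated line:
#   AccessKeyId<TAB>SecretAccessKey<TAB>SessionToken<TAB>Expiration
# Assumes AWS CLI v2 and a caller whose long-lived credentials are configured.
fetch_credentials() {
  # $1 role ARN, $2 session name, $3 MFA device ARN, $4 six-digit MFA code
  case $4 in
    [0-9][0-9][0-9][0-9][0-9][0-9]) ;;
    *) echo "fetch_credentials: MFA code must be exactly 6 digits" >&2; return 1 ;;
  esac
  aws sts assume-role \
    --role-arn "$1" \
    --role-session-name "$2" \
    --serial-number "$3" \
    --token-code "$4" \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken,Expiration]' \
    --output text
}

# Step 2: render the tab-separated line as a profile section on stdout.
# Returns non-zero if the line does not have four fields or the key ID does
# not carry the "ASIA" prefix that STS-issued temporary keys have.
render_profile() {
  # $1 profile name, $2 tab-separated line from fetch_credentials
  profile=$1
  line=$2
  old_ifs=$IFS
  IFS=$(printf '\t')
  set -f                      # no globbing while splitting the token
  set -- $line
  set +f
  IFS=$old_ifs
  if [ "$#" -ne 4 ]; then
    echo "render_profile: expected 4 fields, got $#" >&2
    return 1
  fi
  case $1 in
    ASIA*) ;;
    *) echo "render_profile: $1 is not a temporary (STS) access key" >&2; return 1 ;;
  esac
  printf '[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\naws_session_token = %s\n' \
    "$profile" "$1" "$2" "$3"
  echo "profile $profile expires at $4 (1 hour after issue by default)" >&2
}

# Expiration check for an ISO 8601 UTC timestamp as printed by the CLI
# (e.g. 2024-01-01T01:00:00+00:00). The first 19 characters are reduced to
# YYYYMMDDHHMMSS and compared numerically with the current UTC time.
# Returns 0 when the credentials have already expired.
is_expired() {
  exp=$(printf '%s' "$1" | cut -c1-19 | tr -cd '0-9')
  now=$(date -u +%Y%m%d%H%M%S)
  [ "$exp" -lt "$now" ]
}

# Steps 1-3 chained: fetch, render, and warn if the result is already stale.
assume_and_render() {
  # $1 profile name, $2 role ARN, $3 session name, $4 MFA ARN, $5 MFA code
  creds=$(fetch_credentials "$2" "$3" "$4" "$5") || return 1
  render_profile "$1" "$creds" || return 1
  expiry=${creds##*"$(printf '\t')"}
  if is_expired "$expiry"; then
    echo "warning: credentials for $1 are already expired" >&2
  fi
}

# Constructed sample line (fake values) so the rendering path runs offline.
SAMPLE_LINE=$(printf 'ASIAEXAMPLEKEYID00000\texampleSecretAccessKey0000\texampleSessionToken0000\t2000-01-01T00:00:00+00:00')

if [ "$#" -eq 5 ]; then
  assume_and_render "$@"
else
  # No arguments: show what the profile section looks like for the sample.
  render_profile target-admin "$SAMPLE_LINE"
fi
```

Run it as `./assume.sh PROFILE_NAME arn:aws:iam::<TargetAccountId>:role/<RoleName> <RoleName> arn:aws:iam::<LoginAccountId>:mfa/<LoginName> <6DigitMFACode> >> ~/.aws/credentials` to append the profile; run it with no arguments to see the format on the constructed sample. The "ASIA" check catches the common mistake of pasting long-lived user keys (prefix "AKIA") into a profile that is meant to hold short-lived role credentials.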
