Wednesday, February 27, 2019

MFA, cross account roles and command line



One of the primary #AWS account #security tools is #IAM roles. My practice is that a user without MFA can't do anything: I force the user to assume a role before she can do anything. This can be a real pain if you have to manage multiple accounts. Terraform also has some “issues” with MFA, so assuming the role and putting the temporary credentials into environment variables is the simplest solution.

The best tool to manage this chaos is awsume. Before using it you have to set up your credentials properly in the shared credentials file.

In ~/.aws/credentials I set up the "main account":

```ini
[mainaccount]
aws_access_key_id = <accesskey>
aws_secret_access_key = <secret key>
```

The IAM policy does not require MFA for this yet, but it doesn't allow many actions either. Actually, if MFA is not used, this account is only allowed to set up the virtual MFA device and change the console password. (But I'll have another post about that later…)

In ~/.aws/config I have:

```ini
[profile dev-website-admin]
role_arn = arn:aws:iam::1234566543321:role/Admin
source_profile = otherprofile
mfa_serial = arn:aws:iam::1234566543324:mfa/myaccountt
```

Now the credentials are properly set. To assume the role with awsume you only need:

```shell
awsume dev-website-admin
```

It sets the proper temporary credentials and prompts for the MFA token if one is needed.
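What awsume does under the hood is a single STS AssumeRole call with the role ARN, the MFA serial and the one-time code, followed by exporting the returned temporary keys. The script below is an added example of that exchange; it is not awsume's code and not part of the original post. It assumes boto3 is installed for the live call (the parsing and formatting parts run offline), and the embedded profile text is constructed from the config above with `source_profile` pointed at `mainaccount` so the two files line up.

```python
"""Assume an MFA-protected cross-account role from a ~/.aws/config profile
and print the temporary credentials as shell exports (for eval "$(...)").

Added example, not awsume's own code. boto3 is only needed by assume().
"""
import configparser
import getpass
import os
import sys

# Constructed sample profile (same shape as the post's ~/.aws/config; ARNs are placeholders).
SAMPLE_CONFIG = """
[profile dev-website-admin]
role_arn = arn:aws:iam::1234566543321:role/Admin
source_profile = mainaccount
mfa_serial = arn:aws:iam::1234566543324:mfa/myaccountt
"""


def load_profile(config_text, name):
    """Return the key/value pairs of the '[profile NAME]' section as a dict."""
    cp = configparser.ConfigParser()
    cp.read_string(config_text)
    section = f"profile {name}"
    if not cp.has_section(section):
        raise KeyError(f"no profile {name!r} in config")
    return dict(cp[section])


def assume_role_args(profile, token_code, session_name="cli", duration=3600):
    """Build the kwargs for STS AssumeRole.

    SerialNumber/TokenCode are only sent when the profile declares mfa_serial;
    a profile that requires MFA but gets no code is rejected up front instead
    of failing with an AccessDenied from STS.
    """
    args = {
        "RoleArn": profile["role_arn"],
        "RoleSessionName": session_name,
        "DurationSeconds": duration,
    }
    if profile.get("mfa_serial"):
        if not token_code:
            raise ValueError("profile requires MFA but no token code was given")
        args["SerialNumber"] = profile["mfa_serial"]
        args["TokenCode"] = token_code
    return args


def export_lines(creds):
    """Render an STS Credentials dict as export statements for the current shell."""
    return [
        f"export AWS_ACCESS_KEY_ID={creds['AccessKeyId']}",
        f"export AWS_SECRET_ACCESS_KEY={creds['SecretAccessKey']}",
        f"export AWS_SESSION_TOKEN={creds['SessionToken']}",
    ]


def assume(profile_name, token_code, config_path=os.path.expanduser("~/.aws/config")):
    """Live path: read the real config, sign the AssumeRole call with the source
    profile's long-lived keys, and return the exports for the temporary ones."""
    import boto3  # imported here so the offline helpers work without it

    with open(config_path) as fh:
        profile = load_profile(fh.read(), profile_name)
    # The source profile's keys live in ~/.aws/credentials; boto3 resolves them by name.
    sts = boto3.Session(profile_name=profile["source_profile"]).client("sts")
    resp = sts.assume_role(**assume_role_args(profile, token_code))
    return export_lines(resp["Credentials"])


if __name__ == "__main__":
    # Usage: eval "$(python assume.py dev-website-admin)"; the code is read with
    # getpass so it does not end up in the shell history.
    code = getpass.getpass("MFA token: ")
    print("\n".join(assume(sys.argv[1], code)))
```

The exported session token is what Terraform picks up from the environment, so no MFA handling is needed in the provider block; when the session expires (DurationSeconds, capped by the role's maximum session duration) you simply run the script again.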
