Support of enforced AWS MFA #171
igorkotof commented Sep 24, 2021 (edited by AutomationD)
- The Makefile requires the AWS_MFA_ENABLED variable (true or false)
- After executing the local script that gets the MFA session token, you will be able to use ICMK targets which use the AWS CLI
LGTM
# Macroses | ||
######################################################################################################################## | ||
# We don't check for AWS_PROFILE, but instead we assume the profile name. | ||
# You can override it, although it's recommended to have a profile per environment in your ~/.aws/credentials | ||
AWS_PROFILE ?= $(NAMESPACE)-$(ENV) | ||
AWS_CLI_PROFILE ?= $(shell echo $$(if [ "$(AWS_MFA_ENABLED)" = "true" ]; then echo ""; else echo "--profile $(AWS_PROFILE)"; fi)) |
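Review bot: The `AWS_CLI_PROFILE` line treats every value of `AWS_MFA_ENABLED` other than the exact string `true` (unset, `True`, `1`) as MFA disabled and silently emits `--profile $(AWS_PROFILE)`; nothing in the visible lines validates the variable, although the description calls it required. Consider failing early on an unexpected value, and replacing the `$(shell echo $$(if ...))` wrapper with Make's built-in `$(if $(filter true,$(AWS_MFA_ENABLED)),,--profile $(AWS_PROFILE))`, which avoids spawning a shell each time the variable is expanded. The comment above the assignment still only describes the assumed profile name; it should also say that with MFA enabled no `--profile` is passed, so the AWS CLI uses whatever credentials are in the environment or the default profile.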
Do you think this should be reflecting the MFA nature? Like `AWS_PROFILE_MFA`?
@AutomationD I do not think so, since if we use MFA there is no need for an AWS profile. Thoughts?
Okay, sounds good. Let's keep it as is.