Skip to content
This repository has been archived by the owner on Oct 2, 2024. It is now read-only.

Support of enforced AWS MFA #171

Merged
merged 6 commits into from
Oct 4, 2021
Merged

Support of enforced AWS MFA #171

merged 6 commits into from
Oct 4, 2021

Conversation

igorkotof
Copy link
Contributor

@igorkotof igorkotof commented Sep 24, 2021

  • Makefile requires to have AWS_MFA_ENABLED variable (true or false)
  • After execution of local script for getting MFA session token you will be able to use ICMK targets which use AWS CLI

@github-actions
Copy link

github-actions bot commented Sep 24, 2021

Unit Test Results

1 files  ±0  1 suites  ±0   38s ⏱️ ±0s
9 tests ±0  9 ✔️ ±0  0 💤 ±0  0 ±0 

Results for commit a4680b0. ± Comparison against base commit a4680b0.

♻️ This comment has been updated with latest results.

@igorkotof
Copy link
Contributor Author

Copy link
Contributor

@kobrikx kobrikx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

# Macroses
########################################################################################################################
# We don't check for AWS_PROFILE, but instead we assume the profile name.
# You can override it, although it's recommended to have a profile per environment in your ~/.aws/credentials
AWS_PROFILE ?= $(NAMESPACE)-$(ENV)
AWS_CLI_PROFILE ?= $(shell echo $$(if [ "$(AWS_MFA_ENABLED)" = "true" ]; then echo ""; else echo "--profile $(AWS_PROFILE)"; fi))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you think this should be reflecting the MFA nature? like AWS_PROFILE_MFA?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@AutomationD I do not think so since if we use MFA - there is no needs in AWS Profile, thoughts?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, sounds good. Let's keep it as is.

aws/main.mk Outdated Show resolved Hide resolved
# Macroses
########################################################################################################################
# We don't check for AWS_PROFILE, but instead we assume the profile name.
# You can override it, although it's recommended to have a profile per environment in your ~/.aws/credentials
AWS_PROFILE ?= $(NAMESPACE)-$(ENV)
AWS_CLI_PROFILE ?= $(shell echo $$(if [ "$(AWS_MFA_ENABLED)" = "true" ]; then echo ""; else echo "--profile $(AWS_PROFILE)"; fi))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, sounds good. Let's keep it as is.

@igorkotof igorkotof merged commit a4680b0 into master Oct 4, 2021
@igorkotof igorkotof deleted the mfa-fix branch October 4, 2021 15:08
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants