diff options
Diffstat (limited to 'yubaws/README.md')
-rw-r--r-- | yubaws/README.md | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/yubaws/README.md b/yubaws/README.md new file mode 100644 index 0000000..f3ae1e2 --- /dev/null +++ b/yubaws/README.md @@ -0,0 +1,16 @@ +# YubiKey AWS Helper +This utility will help you configure your YubiKey as a virutal MFA device to use in AWS and refresh your local session token to interact with the API using MFA where required. Requires `ykman` to be in your PATH prior to running, as well as boto3 to be available. **Note: when setting up the YubiKey in the AWS console, you do NOT use it as a u2f device! We're leveraging the otp functionality baked into the YubiKey 4/5 series keys to instead generate OTP codes. At this time, u2f is NOT supported for generating session tokens programmatically.** + +## Usage +I recommend creating bash or zsh aliases for these functions - use whatever makes sense to you + +`yubaws.py configure` will help you setup a new MFA device on the YubiKey and in AWS + +`yubaws.py session` will get you a new session token associated with the MFA device for use with boto or awscli. Automatically updates your `~/.aws/credentials` + +`yubaws.py otp` will print an MFA code for logging into the AWS console, so you don't have to memorize the command to use `ykman` + +## Known Issues +* The calls to subprocess are due to an issue with using the native Yubico Python API and macOS at the time of writing +* If you already have a file called `.mfa_device` in your `.aws` config dir, it's going to get overwritten with any new devices created using `yubaws.py configure` +* Unexpected things may happen if you have more than 1 yubikey inserted while using this utility (read: it's untested, but it might be fine?) |