AWS aws-vault

• 설치

$ brew install awscli
$ brew --cask install aws-vault

$ aws-vault --version
6.3.1-Homebrew

# brew 외 설치
$ choco install aws-vault  # 윈도우 Chocolatey
$ scoop install aws-vault  # 윈도우 Scoop
$ yay -S aws-vault         # Arch Linux AUR
$ pkg install aws-vault    # FreeBSD 
$ nix-env -i aws-vault     # NixOS

• 프로필 추가

$ aws-vault add <PROFILE_NAME>
Enter Access Key ID: ...
Enter Secret Access Key: ...
Added credentials to profile "<PROFILE_NAME>" in vault

• 인증정보 등록 확인

$ aws-vault ls
Profile                  Credentials              Sessions
=======                  ===========              ========
joo                      -                        -

• 가장 기본적으로 사용하는 방법

$ aws-vault exec <PROFILE_NAME> -- <COMMAND>

# example
$ aws-vault exec joo -- aws s3 ls

# 좀 더 자세히 보려면
$ aws-vault exec --debug joo aws s3 ls

• session 장시간 사용 / session 제거

# 장시간 세션
$ aws-vault -s joo -- <long-operation>

# 세션 제거
$ aws-vault remove joo --sessions-only

• 환경변수 확인

$ aws-vault exec joo -- grep AWS
AWS_VAULT=joo
AWS_DEFAULT_REGION=ap-northeast-2
AWS_REGION=ap-northeast-2
AWS_ACCESS_KEY_ID=...
AWS_SECRET_ACCESS_KEY=...
AWS_SECURITY_TOKEN=...
AWS_SESSION_EXPIRATION=2022-04-03T09:10:20Z

• iam 사용자 기반으로 iam 권한 사용

~/.aws/config MFA 작성

[profile joo]
region = ap-northeast-2
mfa_serial=arn:aws:iam::1234567890:mfa/joo <- iam mfa arn

$ aws-vault exec joo -- aws iam get-user
mfa 입력 -> 결과

• 등록한 프로필로 aws 웹 콘솔 로그인

$ aws-vault login joo

• help

$ aws-vault exec --help