Bash script to port temporary STS creds to environment variables when MFA is required.

refresh_creds.sh

#!/usr/bin/env bash
# Usage: source ./refresh_creds.sh
# NOTE: You *must* source this file because it modifies environment variables.
# Executing the script directly will not change the calling shell's environment.

if [ -z ${AWS_MFA_DEVICE_ARN+x} ]
then
    echo "Environment variable AWS_MFA_DEVICE_ARN must be set to the ARN of your MFA device."
    return 1
fi

if [ -z ${1+x} ]
then
    echo "Usage: source ./refresh_creds.sh <MFA_TOKEN>"
    return 1
fi

unset AWS_ACCESS_KEY_ID
unset AWS_SECRET_ACCESS_KEY
unset AWS_SECURITY_TOKEN
unset AWS_SESSION_TOKEN

TMP=/tmp/sts-$$.json
aws sts get-session-token --serial-number $AWS_MFA_DEVICE_ARN --token-code $1 >$TMP

export AWS_ACCESS_KEY_ID=`jq '.Credentials.AccessKeyId' <$TMP| sed -e 's/"//g'`
export AWS_SECRET_ACCESS_KEY=`jq '.Credentials.SecretAccessKey' <$TMP| sed -e 's/"//g'`
export AWS_SESSION_TOKEN=`jq '.Credentials.SessionToken' <$TMP| sed -e 's/"//g'`

env | sort | grep "AWS_"