Serverless plugin to assume role using MFA
npm install serverless-aws-2nd-factor``
npm install --save-dev serverless-aws-2nd-factor
plugins:
- serverless-offline
- serverless-aws-2nd-factor
$3
aws-2nd-factor:
# TMP credentials storage
# default: path.join(custom.tmpFolder || os.tmpdir(), );
tmpFile: /.cred-files.tmp
# default: os.tmpdir()
tmpFolder: .
# Base profile. We use this profile to login with MFA
baseProfile: cf
# Profile to be assumed
localProfile: cf-dev
# Session time (minutes)
maxTime: 43200
# MFA serial number. Preferred in env vars
mfaSerialNumber: arn:aws:iam::{aws_account}:mfa/{aws_user}
# Use plugin (not recommended for cloud environment, only for local)
force: false
# AWS session prefix
sessionPrefix: cfsvl-
`$3
[cf]
region = us-west-1
output = json
[cf-dev]
region = us-west-1
output = json
$3
[cf]
aws_access_key_id = XXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXX
mfa_serial = arn:aws:iam::{accountId}:mfa/{loginUserId}
[cf-dev]
role_arn = arn:aws:iam::XXXXXXXXX:role/{role-to-be-assumed}
source_profile = cf
role_session_name = MFAUser
mfa_serial = arn:aws:iam::XXXXXXXXXXX:mfa/{loginUserId}