Difference between revisions of "Aws sts get-session-token"

From wikieduonline
Jump to navigation Jump to search
 
(52 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
{{lowercase}}
 
{{lowercase}}
* https://docs.aws.amazon.com/cli/latest/reference/sts/get-session-token.html
+
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sts/get-session-token.html
  
* <code>[[aws sts]] get-session-token --serial-number <mfa_device> --token-code <token></code>
+
[[aws sts]] get-session-token --profile "$1"  [[--serial-number]] "$2" [[--token-code]] $MFA_CODE
 +
 
 +
* Duration: 12 hours (43,200 seconds) as the default. Valid range: 15 minutes to 36 hours (129,600 seconds).
 +
 
 +
== Examples ==
 +
* <code>[[aws sts]] get-session-token --serial-number <[[mfa_device]]> [[--token-code]] <token></code>
 +
* <code>[[aws sts]] get-session-token --serial-number [[arn]]:aws:iam::62405745487395:mfa/yourname --token-code 123456</code>
 +
* <code>[[aws sts]] get-session-token --serial-number [[arn]]:aws:iam::62405745487395:mfa/yourname --duration-seconds 129600 --token-code 123456  </code>
 +
* <code>[[aws sts]] get-session-token --serial-number [[arn]]:aws:iam::62405745487395:mfa/yourname --duration-seconds 129600 --token-code 123456  --output text</code>
 +
 
 +
== Synopsys ==
 +
  get-session-token
 +
[--duration-seconds <value>]
 +
[--serial-number <value>]
 +
[--token-code <value>]
 +
[--cli-input-json <value>]
 +
[--generate-cli-skeleton <value>]
 +
 
 +
== Example ==
 +
aws sts get-session-token \
 +
    --duration-seconds 900 \
 +
    [[--serial-number]] "[[arn]]:aws:iam::62405745487395:[[mfa]]/yourname" \
 +
    --token-code 123456
 +
 +
{
 +
    "Credentials": {
 +
        "[[AccessKeyId]]": "AKIAIOSFODNN7EXAMPLE",
 +
        "[[SecretAccessKey]]": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY",
 +
        "[[SessionToken]]":  "AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtpZ3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE",
 +
        "Expiration": "2020-05-19T18:06:10+00:00"
 +
    }
 +
}
 +
 
 +
== Errors ==
 +
[[An error occurred (AccessDenied) when calling the GetSessionToken operation: MultiFactorAuthentication failed, unable to validate MFA code.  Please verify your MFA serial number is valid and associated with this user.]]
 +
Solution: make sure you are using a [[mfa]] [[ARN]], <code>arn:aws:iam::62405745487395:[[mfa]]/yourname</code>
 +
 
 +
[[An error occurred (AuthFailure) when calling the DescribeInstances operation: AWS was not able to validate the provided access credentials]]
 +
Solution: make sure to add your generated credentials including [[AWS_SESSION_TOKEN]] to your [[credentials]] file
 +
 
 +
[[An error occurred (AccessDenied) when calling the GetSessionToken operation: MultiFactorAuthentication failed, must provide both MFA serial number and one time pass code.]]
 +
 
 +
An error occurred ([[ExpiredToken]]) when calling the XXX operation: The provided token has expired.
 +
 
 +
An error occurred ([[InvalidClientTokenId]]) when calling the GetSessionToken operation: [[The security token included in the request is invalid]]
 +
 
 +
An error occurred ([[ExpiredToken]]) when calling the GetSessionToken operation: [[The security token included in the request is expired]]
  
 
== Related terms ==
 
== Related terms ==
 
* [[MFA]]
 
* [[MFA]]
 +
* <code>[[aws iam list-virtual-mfa-devices --output text]]</code>
 +
* <code>[[AWS_SESSION_TOKEN]]</code>
 +
* <code>[[AWS_DEFAULT_REGION]]</code>
 +
* <code>[[aws-sts-get-session-token]]</code> script
 +
* [[Terraform AWS provider]]: <code>[[assume_role]]</code>
 +
* <code>[[aws sts get-federation-token]]</code>
 +
* [[1password]]
 +
* [[EKS]]: <code>[[aws eks get-token]]</code>
 +
* <code>[[aws sts get-access-key-info]]</code>
 +
 +
== Activities ==
 +
* Read https://aws.amazon.com/premiumsupport/knowledge-center/authenticate-mfa-cli/
 +
* [[Using temporary credentials with AWS resources]]
  
==See also==
+
== See also ==
 
* {{aws sts}}
 
* {{aws sts}}
 
* {{aws iam}}
 
* {{aws iam}}
  
 
[[Category:AWS]]
 
[[Category:AWS]]

Latest revision as of 07:29, 6 June 2024

https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sts/get-session-token.html

aws sts get-session-token --profile "$1"  --serial-number "$2" --token-code $MFA_CODE
  • Duration: 12 hours (43,200 seconds) as the default. Valid range: 15 minutes to 36 hours (129,600 seconds).

Examples[edit]

  • aws sts get-session-token --serial-number <mfa_device> --token-code <token>
  • aws sts get-session-token --serial-number arn:aws:iam::62405745487395:mfa/yourname --token-code 123456
  • aws sts get-session-token --serial-number arn:aws:iam::62405745487395:mfa/yourname --duration-seconds 129600 --token-code 123456
  • aws sts get-session-token --serial-number arn:aws:iam::62405745487395:mfa/yourname --duration-seconds 129600 --token-code 123456 --output text

Synopsys[edit]

  get-session-token
[--duration-seconds <value>]
[--serial-number <value>]
[--token-code <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]

Example[edit]

aws sts get-session-token \
    --duration-seconds 900 \
    --serial-number "arn:aws:iam::62405745487395:mfa/yourname" \
    --token-code 123456

{
    "Credentials": {
        "AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY",
        "SessionToken":  "AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtpZ3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE",
       "Expiration": "2020-05-19T18:06:10+00:00"
   }
}

Errors[edit]

An error occurred (AccessDenied) when calling the GetSessionToken operation: MultiFactorAuthentication failed, unable to validate MFA code.  Please verify your MFA serial number is valid and associated with this user.
Solution: make sure you are using a mfa ARN, arn:aws:iam::62405745487395:mfa/yourname
An error occurred (AuthFailure) when calling the DescribeInstances operation: AWS was not able to validate the provided access credentials
Solution: make sure to add your generated credentials including AWS_SESSION_TOKEN to your credentials file
An error occurred (AccessDenied) when calling the GetSessionToken operation: MultiFactorAuthentication failed, must provide both MFA serial number and one time pass code.
An error occurred (ExpiredToken) when calling the XXX operation: The provided token has expired.
An error occurred (InvalidClientTokenId) when calling the GetSessionToken operation: The security token included in the request is invalid
An error occurred (ExpiredToken) when calling the GetSessionToken operation: The security token included in the request is expired

Related terms[edit]

Activities[edit]

See also[edit]

Advertising: