Skip to content

IAM: AWS Role Based Access for users with MFA (MultiFactorAuthentication)

Luiz Fonseca edited this page Apr 24, 2018 · 2 revisions

Requirements (mix.exs):

  • ex_aws
  • ex_aws_sts
  • ex_aws_s3

Asking for a user MFA (they should have authy or so):

token = String.trim(IO.gets("Please type your MFA (MultiFactorAuthentication): "))

Getting a Session Token + Acess + Secret for the specific role

opts = %{
   token_code: token,
   serial_number: System.get_env("YOUR_USER_SERIAL_ARN_NUMBER") }

# Making the request to the STS api/ Assuming a role 
response = ExAws.STS.assume_role(System.get_env("ROLE_IAM_CODE"), "__SESSION_NAME__", opts)
|> ExAws.request! 

Using the response body to setup a new configuration process to use S3

new_conf = ExAws.Config.new(:s3, [
     access_key_id: response.body.access_key_id, 
     secret_access_key: response.body.secret_access_key, 
     security_token: response.body.session_token])

Using the new configuration (role-based)

ExAws.S3.list_objects(YOUR_BUCKET, delimiter: "/") |> ExAws.request!(new_conf) |> IO.inspect
Clone this wiki locally