Commit 5caaebe

author
Michael Kania
committed
add aws-vault details
1 parent c80bc63 commit 5caaebe

1 file changed

+15
-8
lines changed

README.md

Lines changed: 15 additions & 8 deletions
@@ -1,9 +1,10 @@
11
# setup-new-aws-user
22

3-
This tool is used to grant programmatic access to AWS account(s) that aren't
4-
backed by SAML federation or SSO. It works by taking a temporary set of AWS
5-
access keys for a new IAM user. It then generates a virtual MFA device and permanent
6-
set of access keys. Finally, it removes the temporary access keys.
3+
This tool is used to grant programmatic access to AWS account(s) using
4+
[aws-vault](https://github.com/99designs/aws-vault). It works by taking a
5+
temporary set of AWS access keys for a new IAM user. It then generates a
6+
virtual MFA device and permanent set of access keys. Finally, it removes
7+
the temporary access keys.
78

89
## Installation
910

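Review bot: the rewritten intro drops the scope statement from the removed lines, that the tool is for account(s) "that aren't backed by SAML federation or SSO", so the README no longer says when this tool applies. Keep that qualifier alongside the new aws-vault link, and say what aws-vault is used for: the new text only says access is granted "using" it, while the rest of the paragraph still describes just the access key and virtual MFA steps.
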
@@ -18,6 +19,12 @@ brew install setup-new-aws-user
1819

1920
### Prerequisites
2021

22+
#### Dependencies
23+
24+
```shell
25+
brew cask install aws-vault
26+
```
27+
2128
Before running this tool, you will need to following pieces of information
2229

2330
* IAM role - This is the IAM Role with permissions allowing access to AWS APIs
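Review bot: the new "#### Dependencies" heading is inserted directly under "### Prerequisites", so the unchanged sentence "Before running this tool, you will need to following pieces of information" and its list now render under Dependencies. Move the Dependencies block below that list, or give the list its own heading. While touching this section, fix "need to following" to "need the following". The install step `brew cask install aws-vault` covers Homebrew users only; a pointer to aws-vault's own install instructions would cover everyone else.
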
@@ -35,14 +42,14 @@ Before running this tool, you will need to following pieces of information
3542

3643
1. Run the setup-new-user - `setup-new-aws-user --role <IAM_ROLE> --iam_user <USER> --profile=<AWS_PROFILE> --account-id=<AWS_ACCOUNT_ID>`
3744
2. Enter the access keys generated when prompted.
38-
3. The script will display a QR code for an MFA device at some point.
39-
4. Create an entry in your 1Password account with a One Time Password (OTP)
40-
field and be ready to scan it with the 1Password app.
41-
45+
3. The script will open a window with a QR code, which you will use to configure
46+
a temporary one time password (TOTP).
47+
4. Create an entry in your 1Password account field and be ready to scan it with the 1Password app.
4248
**NOTE** You will be asked for your MFA (TOTP) tokens three times while
4349
validating the new virtual MFA device and rotating your access keys.
4450
**Take care not to use the same token
4551
more than once**, as this will cause the process to fail.
52+
5. Once the tool has completed, you should be able to access the AWS account. You can run the following
4653

4754
## Development setup
4855

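Review bot: new step 5 ends at "You can run the following" and the next line is "## Development setup", so the command the reader is meant to run is missing; add it in a fenced block, as the Dependencies section does, or drop the trailing sentence. In step 3, TOTP is expanded as "temporary one time password"; it stands for time-based one-time password. Step 4 lost "with a One Time Password (OTP)" from the old text and now reads "Create an entry in your 1Password account field", which does not parse; restore the OTP field wording.
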