serverless-aws-2nd-factor
2nd factor for AWS serverless local projects
Important
Recommended for local development working with serverless-offline Only works if SERVERLESS_LOCAL_ENV env var is 1 or force custom var is true
npm install --save-dev serverless-aws-2nd-factor
serverless.yml
plugins:
- serverless-offline
- serverless-aws-2nd-factor
Custom variables
aws-2nd-factor:
# TMP credentials storage
# default: path.join(custom.tmpFolder || os.tmpdir(), `.${this.BASE_PROFILE}-${this.LOCAL_PROFILE}-2nd-aws-credentials.tmp`);
tmpFile: /.cred-files.tmp
# default: os.tmpdir()
tmpFolder: .
# Base profile. We use this profile to login with MFA
baseProfile: cf
# Profile to be assumed
localProfile: cf-dev
# Session time (minutes)
maxTime: 43200
# MFA serial number. Preferred in env vars
mfaSerialNumber: arn:aws:iam::{aws_account}:mfa/{aws_user}
# Use plugin (not recommended for cloud environment, only for local)
force: false
# AWS session prefix
sessionPrefix: cfsvl-
.aws/config
[cf]
region = us-west-1
output = json
[cf-dev]
region = us-west-1
output = json
.aws/credentials
[cf]
aws_access_key_id = XXXXXXXXXX
aws_secret_access_key = XXXXXXXXXXXXXX
mfa_serial = arn:aws:iam::{accountId}:mfa/{loginUserId}
[cf-dev]
role_arn = arn:aws:iam::XXXXXXXXX:role/{role-to-be-assumed}
source_profile = cf
role_session_name = MFAUser
mfa_serial = arn:aws:iam::XXXXXXXXXXX:mfa/{loginUserId}