kOps & MFA

The work around uses aws sts assume-role in combination with an MFA prompt to retrieve temporary AWS access keys. This provides , AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN environment variables which are automatically picked up by Go AWS SDK. You provide the MFA & Role ARNs, then invoke kops.

Usage

Download the script as kops-mfa, make it executable, put it on , set the KOPS_MFA_ARN and KOPS_MFA_ROLE_ARN environment variables. Run as kops-mfa followed by any kops command.

Use to generate temp session credentials. After setting up , use alias for kops command. This way terminal will ask for MFA each time the credential session is expired. Commands would be: