Skip to content

anvix9/AWS-Token-Refresh-Automation-Guide-in-terminal-

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
README.md
README.md
 
 
script.py
script.py
 
 

Repository files navigation

AWS Token Refresh Automation Guide (in terminal)

A practical guide for managing AWS CLI token refresh, both manually and programmatically.

Table of Contents

  1. Introduction
  2. Prerequisites
  3. The Token Refresh Challenge
  4. Manual Token Refresh Process
  5. Best Practices
  6. Automation
  7. Author

Introduction

I needed to write this because it is so annoying to each time refresh my CLI aws tokens manually. Also, I struggled hours to get the right steps by myself.

This small tutorial explains how to manually but also programmatically refresh your CLI aws tokens when needed, as long as you remember your profile name (we get this after configuring the sso profile aka: aws configure sso).

I hope this could be helpful. It is up to date and I will be maintaining it at least for my own sake so you can trust that. If there is an issue do not hesitate to create an issue or contribute!

Prerequisites

  • AWS account setup (root and IAM/IAM identity)
  • Basic AWS CLI configuration
  • AWS SSO access

The Token Refresh Challenge

When using AWS with GitHub Actions or other services, access tokens expire (typically after 1 hour), requiring manual refresh (At least that is what I was doing). Here is a simple solution I came with.

Manual Token Refresh Process

1. Check Token Status

To verify if your session has expired:

aws sts get-caller-identity --profile <profile-name>

If expired, you'll see:

... The security token included in the request is expired

Or close to that...

2. Refresh Process

  1. Run the SSO configuration:

    aws configure sso

  2. Follow the prompts and provide:

    • Start url (if you have your IAM identity account, you can easily get it)
    • Key ID
    • Access key
    • Session token

  3. Click the provided authentication link to approve the connection

  4. Use the profile:

    aws s3 ls --profile your-profile-name

This command will basically create a new json file in your local machine with the new credentials, so REALLY IMPORTANT to type it!

3. Token Location

  • For Ubuntu users: ~/.aws/cli/ (I am an Ubuntu user sorry the others, look for your own path...)
  • Look for the most recent JSON configuration file
  • Extract and update the required credentials

Best Practices

Keep basic configuration information easily accessible. (I do that by storing them in a flash drive or env_variables but I still put them somewhere)

Automation

I have written a python script that does just what I explained here. You just have to type in terminal:

script.py --profile <profile-name>

Replace <profile-name> with the last profile name you used to perform the previous aws configure sso. Leave a Star if it helped you :-)

Author

anvix9

About

This is a simple way to refresh your aws tokens both manually and automatically with high level of security

Topics

aws deployment ci-cd github-actions aws-token

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages