The AWS CLI has support for automatically assuming a role based on a profiles you can setup in your ~/.aws/config file. Once you setup the profiles, you can run a command using the profile. Something like this aws s3 ls --profile profile-for-that-one-account. The CLI will prompt you for your mfa token and assume the role for you. It also caches the credentials for you so you don’t have to keep entering your mfa token if you run multiple commands. This works well except for two things, the SDKs don’t look in the CLI credential cache, and you have to specify the profile everytime you run a command (or set the AWS默认PROFILE环境变量）。
Another issue I have is that often I do development work inside a virtual machine, and the aws config files aren’t available. I could of course volume in my .aws directory, but it’s a pain to do that for every new VM I setup.
Call aws s3 ls with the profile you specify as a parameter
Remember, you will need to source the script to get the environment variables to stick. To do this in a typical shell, you need to 预先pend a . to your command. For convenience I named the script awsume, put the it in /usr/local/bin and set an alias alias awsume='. awsume'.