package mainimport ( "fmt" "log" "github.com/aws/aws-sdk-go/aws" "github.

1. package main
2.  
3. import (
4. "fmt"
5. "log"
6.  
7. "github.com/aws/aws-sdk-go/aws"
8. "github.com/aws/aws-sdk-go/aws/credentials"
9. "github.com/aws/aws-sdk-go/aws/credentials/stscreds"
10. "github.com/aws/aws-sdk-go/aws/session"
11. "github.com/aws/aws-sdk-go/service/sts"
12. )
13.  
14. const (
15. SerialNumber = "arn:aws:iam::1234:mfa/user-name"
16. RoleARN = "arn:aws:iam::4321:role/Role"
17. )
18.  
19. func main() {
20. sess := session.New()
21.  
22. sessionTokenCreds, err := getSessionToken(sts.New(sess, &aws.Config{Credentials: credentials.NewEnvCredentials()}))
23. if err != nil {
24. log.Fatal(err)
25. }
26.  
27. roleCreds, err := assumeRole(sts.New(sess, &aws.Config{Credentials: credentials.NewStaticCredentials(*sessionTokenCreds.AccessKeyId, *sessionTokenCreds.SecretAccessKey, *sessionTokenCreds.SessionToken)}))
28. if err != nil {
29. log.Fatal(err)
30. }
31.  
32. fmt.Println(roleCreds)
33. }
34.  
35. func getSessionToken(client *sts.STS) (*sts.Credentials, error) {
36. token, err := stscreds.StdinTokenProvider()
37. if err != nil {
38. return nil, err
39. }
40. resp, err := client.GetSessionToken(&sts.GetSessionTokenInput{
41. DurationSeconds: aws.Int64(900),
42. SerialNumber: aws.String(SerialNumber),
43. TokenCode: aws.String(token),
44. })
45. if err != nil {
46. return nil, err
47. }
48. return resp.Credentials, nil
49. }
50.  
51. func assumeRole(client *sts.STS) (*sts.Credentials, error) {
52. resp, err := client.AssumeRole(&sts.AssumeRoleInput{
53. RoleSessionName: aws.String("test"),
54. DurationSeconds: aws.Int64(900),
55. RoleArn: aws.String(RoleArn),
56. })
57. if err != nil {
58. return nil, err
59. }
60. return resp.Credentials, nil
61. }