Terror's Treats.
Never a threat, always a treat
This is a spot where I publish helpful tips and tricks -- mainly for me to find later. There may also be other kinds of posts, too. You have been warned.
Paragraphs of Content
Enabling multi-device Virtual MFA on AWS root accounts
I just enabled MFA for AWS root account credentials and synced with multiple devices.
Yes, multiple devices -- and not by using Authly or other "MFA sharing" services.
Why? Well, a friend and I share an AWS account and both want access to the root account for continuation should something happen to either one of us. We use IAM users for everything, but the root account is critical and while we want MFA on the account, we don't want a SPOF by having only one person's device enabled for MFA. I imagine other entities have a similar concern.
How? Simple! I chose to enable a new Virtual MFA device and when presented with the QR Code screen, I took a screen shot and saved it and the manual entry code into a secure server. Then I entered the two sequential tokens and securely shared the stored secrets.
Now with Google Authenticator or Sophos Authenticator (for ipad) as many devices we choose share the same vMFA.
Besides reducing the risk of losing a single physical device allowing MFA access to the AWS account, this has other implications.
Primarily: THE QR CODE AND MANUAL ENTRY CODE ARE LIVE SECRETS AND MUST BE SECURED!
Don't register a vMFA on in a public place, on an insecure network, or insecure computer.
Delete the QR code from your browsers cache, download folder, etc. Same with the manual entry code!
AWS doesn't require a PIN with the MFA token, cannot determine more than one vMFA is in use, and no other authentication than the QR/manual entry code is needed to sync a device.
Get build version numbers from a bunch of war files
Having a bunch of war files in a directory, I just want to pull out info from one common file in each. I did this:
$ for i in `ls -1 *.war`; do echo $i ; j=`echo $i|cut -d. -f 1`; mkdir -p $j; mv $i $j ; done
$ for i in `ls -1` ; do echo $i; grep buildNumber $i/version.xml; done
My Twitter Search Widget for #AWS