Support cache for SharedCredentialFile

[outcoldman]

Implementation to support cache for when MFA is used for shared credential files. See aws/aws-sdk#529
Depends on boto/botocore#1399

[codecov-io]

Codecov Report

Merging #3174 into develop will decrease coverage by <.01%.
The diff coverage is 100%.

@@             Coverage Diff             @@
##           develop    aws/aws-cli#3174      +/-   ##
===========================================
- Coverage    97.11%   97.11%   -0.01%     
===========================================
  Files          407      407              
  Lines        33515    33536      +21     
===========================================
+ Hits         32548    32568      +20     
- Misses         967      968       +1

Impacted Files	Coverage Δ
awscli/customizations/sessiontokenservice.py	100% <100%> (ø)
...ts/unit/customizations/test_sessiontokenservice.py	100% <100%> (ø)
awscli/handlers.py	100% <100%> (ø)	⬆️
awscli/clidocs.py	98.37% <0%> (-0.21%)	⬇️
...nit/customizations/cloudformation/test_deployer.py	100% <0%> (ø)	⬆️
awscli/customizations/cloudformation/deployer.py	96.73% <0%> (ø)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 520d2f9...6318517. Read the comment docs.

[ahl]

This would be extremely useful; I hope it gets merged.

[Kiddinglife]

need this

[zhe-zhao]

Have to say that working with MFA in cli is rather unpleasant. You'll have to write some script to:

1. Get MFA device arn
2. Get session with MFA arn and MFA code
3. Store temp access key & token somewhere

It would be really nice if we can get a built-in solution e.g. a mfa_serial parameter in profile config etc.

[webbrandon]

Kinda wish someone would move or address this PR after 2 years of being open. This would be useful and make it so we don't have get dev's setup with automation script to make development more productive.

[benjaminW78]

THIS MR would so well solve my problem. i want more security so i activated MFA but now it's becoming hell to use AWS CLI with mfa. but their is stuff that i can only do by AWS CLI for ECS ... so i'm stuck at trying to figure out how to have a seamless experience.

[whereismypen]

How can we (cloud users) be expected to improve our security stance when the cloud provider doesn't provide us with the tools. Please review and commit this.

[stealthycoin]

Updated the issue with guidance from our new contributing process. Marking this PR as a DRAFT as we would not accept a PR that effects security and credential loading without a clear design doc that we can review and approve in advance.
The issue itself is marked as blocked, which means it is waiting on a design spec to be written. Once someone posts a design and the design is iterated on with team member's and we approve it, it can be advanced to the contribution-ready stage.

[tim-finnigan]

Thank you for creating this PR and for your patience here. Regarding this point mentioned earlier:

...we would not accept a PR that effects security and credential loading without a clear design doc that we can review and approve in advance.

This design doc will need to be considered at a cross-SDK level, and so we have transferred the corresponding issue (aws/aws-sdk#529) to our cross-SDK repository for further tracking. Please 👍 the issue if also interested in this feature and comment there if you have any additional info to share.