{"id":252,"date":"2020-05-10T08:20:12","date_gmt":"2020-05-10T08:20:12","guid":{"rendered":"http:\/\/box5442.temp.domains\/~arpioio\/?p=252"},"modified":"2020-05-10T08:20:12","modified_gmt":"2020-05-10T08:20:12","slug":"iam-user-command-line-mfa","status":"publish","type":"post","link":"https:\/\/arpio.io\/staging\/8013\/iam-user-command-line-mfa\/","title":{"rendered":"Configuring an AWS User For MFA at the Command Line"},"content":{"rendered":"

<\/p>I think we all know about the goodness of multi-factor authentication (MFA), and how effective it can be at preventing malicious access to sensitive environments like an AWS account. And it seems that organizations have gotten pretty good at requiring MFA for access to the AWS console, oftentimes indirectly through a single-sign-on provider.\n

But in my experience, most AWS users don\u2019t utilize MFA at the command line, or when accessing AWS via scripts or applications written directly against the AWS API. That may have something to do with how challenging it is to set up, and how cumbersome it can be to actually use it once it\u2019s configured. In this article, we\u2019ll walk through the process of configuring MFA for command line and API access via an IAM user, and set up our client to minimize the friction of MFA once it\u2019s configured.<\/p>\n

Note, we\u2019re focusing here on configuring MFA for an IAM user. If your users already log into the AWS console as an IAM user, this will give them the ability to have equivalent functionality from the command line. If they log in via an SSO provider, and therefore operate as an assumed IAM role, you can still go this route but they\u2019ll be operating as a different identity at the command line than at the console. In a future article, we\u2019ll cover an alternate approach that allows them to easily authenticate as this same IAM role at the command line.<\/p>\n

Hmm\u2026 MFA is Enforced at Authorization<\/h4>\n

When I first started to dig in on this problem, I lost a lot of time searching for a nice simple command-line equivalent to the experience I knew from the AWS console. When logging into the AWS console as an IAM user, if MFA is configured, I\u2019m required to provide a one-time passcode in order to complete the login process.<\/p>\n

When using MFA from the command line, the story is different. I can successfully authenticate via the command line without providing the one-time passcode from my MFA device. It\u2019s at authorization that my access is blocked. And this happens because the IAM policies associated with my user are deftly crafted to require MFA when authorizing certain activities.<\/p>\n

So, the first thing to understand here is that the MFA requirement isn\u2019t an attribute of the IAM user, but rather of the IAM policies used to authorize the user. You will need to enable MFA on the IAM user \u2014 it\u2019s needed to setup the MFA device \u2014 but you can\u2019t stop there. You also need to modify IAM policies to validate that MFA was used at login when granting access.<\/p>\n

Requiring MFA for All Activities<\/h4>\n

The possibly-nice side-effect of enforcing MFA at authorization is that you can require MFA for some activities and not others. But I just want to require it everywhere. I also want to take advantage of AWS managed IAM policies that aren\u2019t written to require MFA and that I can\u2019t modify. The easy way to satisfy both of these requirements is with a Permissions Boundary policy applied to my IAM user.<\/p>\n

If you\u2019re not familiar with Permissions Boundaries, they\u2019re an extra layer of authorization that can be applied to an IAM entity to further restrict what that entity can do. Authorization is checked against the entity\u2019s applied policies, as well as the entity\u2019s permissions boundary, and only if both allow the action does that action proceed. In this case, I wanted a permissions boundary policy that allows all activities, but only if MFA was utilized during authentication.<\/p>\n

To do this, I set up a new IAM managed policy, naming it something like \u201cMfaRequired\u201d, and used the following policy document:<\/p>\n

{\n    \"Version\"<\/span>: \"2012-10-17\"<\/span>,\n    \"Statement\"<\/span>: [\n        {\n            \"Sid\"<\/span>: \"MfaRequired\"<\/span>,\n            \"Effect\"<\/span>: \"Allow\"<\/span>,\n            \"Action\"<\/span>: \"*\"<\/span>,\n            \"Resource\"<\/span>: \"*\"<\/span>,\n            \"Condition\"<\/span>: {\n                \"Bool\"<\/span>: {\n                    \"aws:MultiFactorAuthPresent\"<\/span>: \"true\"<\/span>\n                }\n            }\n        }\n    ]\n}<\/pre>\n
The condition section is the key. If MFA wasn\u2019t present when the user authenticated, this policy will block all access.<\/p>\n
Once the policy is created, update the configuration of your IAM user, specifying this policy as the permission boundary. From that point forward, all commands will fail if the user hasn\u2019t been authenticated via MFA.<\/p>\n
Enabling MFA for an IAM user<\/h4>\n
The next step is to enable MFA for your IAM user. If you\u2019re already using MFA to allow IAM users to login via the AWS console, you can skip to the next section. If not, you\u2019re first going to need an MFA device. These are sometimes physical devices you carry with you, but in my experience they\u2019re usually an app on your phone. I use Google Authenticator<\/a> for mine, but there are many options.<\/p>\n
IAM users must be configured with an MFA device (physical or virtual) that is responsible for producing a one-time passcode. From the IAM user details page in the AWS console, find the Security credentials tab and click the \u201cManage\u201d link next to \u201cAssigned MFA device\u201d. That will walk you through the process of configuring MFA for this user, including configuring an app on your phone as a virtual MFA device.<\/p>\n
\"\"<\/p>\n
Providing MFA Tokens at the Command Line<\/h4>\n
Once you\u2019ve got MFA configured on your IAM user, you need to start providing the associated one-time passcode at the AWS command line. It\u2019s important to understand the process here. You don\u2019t just add another parameter to your command line commands. Instead, you authenticate a new session (providing your MFA token in the process), which gives you a new set of temporary credentials. You then use those temporary credentials for subsequent commands.<\/p>\n
To authenticate a new session, use the \u201cget-session-token\u201d sts command (or the corresponding API if you\u2019re doing this programmatically). This command takes 2 parameters: the identity of the MFA device, and the current token from the device. It\u2019ll look something like this:<\/p>\n
$ aws sts get-session-token --serial-number\u00a0 arn:aws:iam::123456789012:mfa\/doug --token-code 123456\n<\/pre>\n
What comes back is a mess of json that includes the AWS_ACCESS_KEY, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN. You need to capture these details and store them where they\u2019ll be found for subsequent activities, typically in environment variables. If you aren\u2019t familiar with how the AWS command line and APIs find credentials in environment variables, here is the documentation<\/a>.<\/p>\n
So, configuring environment variables for new session tokens might look something like this:<\/p>\n
$ export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n$ export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI\/K7MDENG\/bPxRfiCYEXAMPLEKEY\n$ export AWS_SESSION_TOKEN=FwoGZXIvYXdzEOr\/\/\/\/\/\/\/\/\/\/wEaDF36x20Zn8ITpv9tbCKBAS0skSLtdiYW5GXKb+RX4w4MHYgq+nBUuc145UAk+6VGjpTEcn6Y+7b1W6G8GDBtn6Cd9\/kZO50WIPnNT1Zeq2exCiq0AnHwY04f4YT5wQGH+0EhOuTIl3FMkDIZq1CWJYNjqg+xzN51TQ7BdC59lwjq3GyErslaBcDeFGdT1S3EASjzseL1BTIoyENXejg9wTb7QWw\/RwvfCiVPpccB0gAjMGKAw33lId3MetljY1aX5A==\n<\/pre>\n
In summary, we have 1 convoluted command to get temporary session credentials followed by 3 convoluted commands to store them in environment variables so they can be used. There has to be a better way.<\/p>\n
Using aws-vault for Credential Management<\/h4>\n
If you\u2019re using MFA via IAM roles, the aws command line includes some nice functionality to handle temporary credentials for you. But here we\u2019re using IAM users, and they don\u2019t provide the same functionality for IAM users (which might be a hint that Amazon would prefer we use IAM roles).<\/p>\n
Luckily, the fine engineers at 99designs have open sourced a tool (aws-vault) for securely managing your AWS credentials. The tool\u2019s primary function is to take creds out of the ~\/.aws\/credentials file on your filesystem and store them securely in the system credential store of your operating system. But it also handles MFA, which is going to make our lives easier here.<\/p>\n
aws-vault understands the AWS command line\u2019s config file, and looks there for details such as the serial number of your MFA device. The first thing to do is update ~\/.aws\/config to create a profile that includes the mfa_serial configuration. Mine looks like this:<\/p>\n
[default]\nregion=us-east-1\n\n[profile doug]\nmfa_serial=arn:aws:iam::123456789012:mfa\/doug\n<\/pre>\n
Next, store the AWS_ACCESS_KEY_ID and AWS_ACCESS_SECRET_KEY for your IAM user in the secure store managed by aws-vault. This assumes you\u2019ve installed aws-vault\u2026 that prior link has good instructions.<\/p>\n
$ aws-vault add doug\nEnter Access Key Id: ABDCDEFDASDASF\nEnter Secret Key: %%%\n<\/pre>\n
From here, launch the aws command line, or any other programmatic access to AWS, by first invoking aws-vault. aws-vault will handle all credential management for you, including prompting for your MFA token.<\/p>\n
$ aws-vault exec doug -- aws ec2 describe-instances\nEnter token for arn:aws:iam::123456789012:mfa\/doug: 123456\n<\/pre>\n
aws-vault creates the temporary session, stores the credentials in environment variables, and then invokes the specified command. In this case, it invoked aws ec2 describe-instances.<\/p>\n
aws-vault caches these temporary credentials, so you don\u2019t have to specify your MFA token again until your temporary session expires. But invoking every aws command by first specifying \u201caws-vault exec doug \u2013\u201d is a lot of typing. If I\u2019m going to be doing a lot in the command line, I use aws-vault to launch a new shell, and then invoke the aws commands directly:<\/p>\n
$ aws-vault exec doug -- bash\nbash$ aws ec2 describe-instances\n<\/pre>\n
Recently I got tired of even typing that command, so I added an alias to my shell\u2019s initialization script, giving me quick access to an MFA-authenticated shell anytime I need it.<\/p>\n
alias aws-doug=\"aws-vault exec doug -- env PS1=\\\"aws-doug> \\\" bash\"\n<\/pre>\n
With that in place, I can simply type \u201caws-doug\u201d at a shell prompt to launch a subshell where all commands will be pre-authenticated via MFA.<\/p>\n
And that\u2019s what it takes! It took me a couple hours to get this working correctly \u2013 hopefully this write-up makes it significantly easier for you!<\/p>\n<\/body>","protected":false},"excerpt":{"rendered":"
I think we all know about the goodness of multi-factor authentication (MFA), and how effective it can be at preventing malicious access to sensitive environments like an AWS account. And…<\/p>\n","protected":false},"author":1,"featured_media":253,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","content-type":"","inline_featured_image":false,"footnotes":""},"categories":[3],"tags":[],"class_list":["post-252","post","type-post","status-publish","format-standard","has-post-thumbnail","category-blog"],"yoast_head":"\nConfiguring an AWS User For MFA at the Command Line \u2014 Arpio<\/title>\n<meta name=\"description\" content=\"Most AWS users don\u2019t utilize MFA at the command line, or when accessing AWS via scripts or applications written directly against the AWS API. That may have something to do with how challenging it is to set up, and how cumbersome it can be to actually use it once it\u2019s configured.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/arpio.io\/iam-user-command-line-mfa\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Configuring an AWS User For MFA at the Command Line \u2014 Arpio\" \/>\n<meta property=\"og:description\" content=\"Most AWS users don\u2019t utilize MFA at the command line, or when accessing AWS via scripts or applications written directly against the AWS API. That may have something to do with how challenging it is to set up, and how cumbersome it can be to actually use it once it\u2019s configured.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/arpio.io\/iam-user-command-line-mfa\/\" \/>\n<meta property=\"og:site_name\" content=\"Arpio Disaster Recovery Made Easy\" \/>\n<meta property=\"article:published_time\" content=\"2020-05-10T08:20:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/arpio.io\/wp-content\/uploads\/2020\/08\/OIP.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"474\" \/>\n\t<meta property=\"og:image:height\" content=\"247\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"6805pwpadmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"6805pwpadmin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/arpio.io\/iam-user-command-line-mfa\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/arpio.io\/iam-user-command-line-mfa\/\"},\"author\":{\"name\":\"6805pwpadmin\",\"@id\":\"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/0a2437a37056190db7e46201a6a65095\"},\"headline\":\"Configuring an AWS User For MFA at the Command Line\",\"datePublished\":\"2020-05-10T08:20:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/arpio.io\/iam-user-command-line-mfa\/\"},\"wordCount\":1494,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/arpio.io\/iam-user-command-line-mfa\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2020\/08\/OIP.jpeg\",\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/arpio.io\/iam-user-command-line-mfa\/\",\"url\":\"https:\/\/arpio.io\/iam-user-command-line-mfa\/\",\"name\":\"Configuring an AWS User For MFA at the Command Line \u2014 Arpio\",\"isPartOf\":{\"@id\":\"https:\/\/arpio.io\/staging\/8013\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/arpio.io\/iam-user-command-line-mfa\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/arpio.io\/iam-user-command-line-mfa\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2020\/08\/OIP.jpeg\",\"datePublished\":\"2020-05-10T08:20:12+00:00\",\"author\":{\"@id\":\"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/0a2437a37056190db7e46201a6a65095\"},\"description\":\"Most AWS users don\u2019t utilize MFA at the command line, or when accessing AWS via scripts or applications written directly against the AWS API. That may have something to do with how challenging it is to set up, and how cumbersome it can be to actually use it once it\u2019s configured.\",\"breadcrumb\":{\"@id\":\"https:\/\/arpio.io\/iam-user-command-line-mfa\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/arpio.io\/iam-user-command-line-mfa\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/arpio.io\/iam-user-command-line-mfa\/#primaryimage\",\"url\":\"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2020\/08\/OIP.jpeg\",\"contentUrl\":\"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2020\/08\/OIP.jpeg\",\"width\":474,\"height\":247},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/arpio.io\/iam-user-command-line-mfa\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/arpio.io\/staging\/8013\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Configuring an AWS User For MFA at the Command Line\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/arpio.io\/staging\/8013\/#website\",\"url\":\"https:\/\/arpio.io\/staging\/8013\/\",\"name\":\"Arpio Disaster Recovery Made Easy\",\"description\":\"AWS Disaster Recovery\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/arpio.io\/staging\/8013\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/0a2437a37056190db7e46201a6a65095\",\"name\":\"6805pwpadmin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/bbce7316dd4979a6199ddcdaed836e357939826f60c7be919373136535d247b6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/bbce7316dd4979a6199ddcdaed836e357939826f60c7be919373136535d247b6?s=96&d=mm&r=g\",\"caption\":\"6805pwpadmin\"},\"sameAs\":[\"http:\/\/support.pagely.com\"],\"url\":\"https:\/\/arpio.io\/staging\/8013\/author\/6805pwpadmin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Configuring an AWS User For MFA at the Command Line \u2014 Arpio","description":"Most AWS users don\u2019t utilize MFA at the command line, or when accessing AWS via scripts or applications written directly against the AWS API. That may have something to do with how challenging it is to set up, and how cumbersome it can be to actually use it once it\u2019s configured.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/arpio.io\/iam-user-command-line-mfa\/","og_locale":"en_US","og_type":"article","og_title":"Configuring an AWS User For MFA at the Command Line \u2014 Arpio","og_description":"Most AWS users don\u2019t utilize MFA at the command line, or when accessing AWS via scripts or applications written directly against the AWS API. That may have something to do with how challenging it is to set up, and how cumbersome it can be to actually use it once it\u2019s configured.","og_url":"https:\/\/arpio.io\/iam-user-command-line-mfa\/","og_site_name":"Arpio Disaster Recovery Made Easy","article_published_time":"2020-05-10T08:20:12+00:00","og_image":[{"width":474,"height":247,"url":"https:\/\/arpio.io\/wp-content\/uploads\/2020\/08\/OIP.jpeg","type":"image\/jpeg"}],"author":"6805pwpadmin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"6805pwpadmin","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/arpio.io\/iam-user-command-line-mfa\/#article","isPartOf":{"@id":"https:\/\/arpio.io\/iam-user-command-line-mfa\/"},"author":{"name":"6805pwpadmin","@id":"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/0a2437a37056190db7e46201a6a65095"},"headline":"Configuring an AWS User For MFA at the Command Line","datePublished":"2020-05-10T08:20:12+00:00","mainEntityOfPage":{"@id":"https:\/\/arpio.io\/iam-user-command-line-mfa\/"},"wordCount":1494,"commentCount":0,"image":{"@id":"https:\/\/arpio.io\/iam-user-command-line-mfa\/#primaryimage"},"thumbnailUrl":"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2020\/08\/OIP.jpeg","articleSection":["Blog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/arpio.io\/iam-user-command-line-mfa\/","url":"https:\/\/arpio.io\/iam-user-command-line-mfa\/","name":"Configuring an AWS User For MFA at the Command Line \u2014 Arpio","isPartOf":{"@id":"https:\/\/arpio.io\/staging\/8013\/#website"},"primaryImageOfPage":{"@id":"https:\/\/arpio.io\/iam-user-command-line-mfa\/#primaryimage"},"image":{"@id":"https:\/\/arpio.io\/iam-user-command-line-mfa\/#primaryimage"},"thumbnailUrl":"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2020\/08\/OIP.jpeg","datePublished":"2020-05-10T08:20:12+00:00","author":{"@id":"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/0a2437a37056190db7e46201a6a65095"},"description":"Most AWS users don\u2019t utilize MFA at the command line, or when accessing AWS via scripts or applications written directly against the AWS API. That may have something to do with how challenging it is to set up, and how cumbersome it can be to actually use it once it\u2019s configured.","breadcrumb":{"@id":"https:\/\/arpio.io\/iam-user-command-line-mfa\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/arpio.io\/iam-user-command-line-mfa\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/arpio.io\/iam-user-command-line-mfa\/#primaryimage","url":"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2020\/08\/OIP.jpeg","contentUrl":"https:\/\/arpio.io\/staging\/8013\/wp-content\/uploads\/2020\/08\/OIP.jpeg","width":474,"height":247},{"@type":"BreadcrumbList","@id":"https:\/\/arpio.io\/iam-user-command-line-mfa\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/arpio.io\/staging\/8013\/"},{"@type":"ListItem","position":2,"name":"Configuring an AWS User For MFA at the Command Line"}]},{"@type":"WebSite","@id":"https:\/\/arpio.io\/staging\/8013\/#website","url":"https:\/\/arpio.io\/staging\/8013\/","name":"Arpio Disaster Recovery Made Easy","description":"AWS Disaster Recovery","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/arpio.io\/staging\/8013\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/0a2437a37056190db7e46201a6a65095","name":"6805pwpadmin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/arpio.io\/staging\/8013\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/bbce7316dd4979a6199ddcdaed836e357939826f60c7be919373136535d247b6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/bbce7316dd4979a6199ddcdaed836e357939826f60c7be919373136535d247b6?s=96&d=mm&r=g","caption":"6805pwpadmin"},"sameAs":["http:\/\/support.pagely.com"],"url":"https:\/\/arpio.io\/staging\/8013\/author\/6805pwpadmin\/"}]}},"_links":{"self":[{"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/posts\/252","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/comments?post=252"}],"version-history":[{"count":0,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/posts\/252\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/media\/253"}],"wp:attachment":[{"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/media?parent=252"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/categories?post=252"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/arpio.io\/staging\/8013\/wp-json\/wp\/v2\/tags?post=252"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}