Propose awsudo as a workaround for kops mfa

This commit is contained in:
Max Lobur 2017-06-22 01:39:28 +03:00
parent dc2c691c33
commit a629642085
1 changed files with 10 additions and 2 deletions

@ -2,7 +2,7 @@
You can secure `kops` with MFA by creating an AWS role & policy that requires MFA to access to the `KOPS_STATE_STORE` bucket. Unfortunately the Go AWS SDK does not transparently support assuming roles with required MFA. This may change in a future version. `kops` plans to support this behavior eventually. You can track progress in this [Github issue](https://github.com/kubernetes/kops/issues/226). If you'd like to ues MFA with `kops`, you'll need a work around until then.
## The Workaround
## The Workaround #1
The work around uses `aws sts assume-role` in combination with an MFA prompt to retrieve temporary AWS access keys. This provides `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN` environment variables which are automatically picked up by Go AWS SDK. You provide the MFA & Role ARNs, then invoke `kops`.
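Review bot: Renaming the heading to `## The Workaround #1` changes the text that any existing link to this section's anchor depends on, and the intro paragraph on the context line above still promises a single "work around" without saying that two options follow. Consider a descriptive heading such as "Workaround 1: assume-role script", add one sentence to the intro naming both options, and fix the "ues" typo on that line while the file is being touched.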
@ -55,6 +55,14 @@ main() {
main "$@"
```
## Usage
#### Usage
Download the script as `kops-mfa`, make it executable, put it on `$PATH`, set the `KOPS_MFA_ARN` and `KOPS_MFA_ROLE_ARN` environment variables. Run as `kops-mfa` followed by any `kops` command.
## The Workaround #2
Use [awsudo](https://github.com/makethunder/awsudo) to generate temp credentials. This is similar to previous but shorter:
```
pip install awsudo
env $(awsudo ${AWS_PROFILE} | grep AWS | xargs) kops ...
```
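Review bot: The new "Workaround #2" section never says how MFA enters the flow. It does not state what the profile named by `${AWS_PROFILE}` must contain or that a token prompt is expected, so on a page about MFA a reader cannot tell whether the resulting credentials are MFA-backed. In the command line itself, `${AWS_PROFILE}` is unquoted and expands to nothing when unset, and `grep AWS` matches any output line containing "AWS" before the result is word-split into `env` arguments; quoting the variable and anchoring the filter (for example `grep '^AWS_'`) would be safer. `pip install awsudo` pulls an unpinned third-party package that will handle credentials, so suggesting a pinned version is worthwhile. Separately, `#### Usage` drops two levels below `## The Workaround #1`, where `###` would keep the heading hierarchy.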