Python 3.6+ library to enable programmatic Azure AD auth against AWS

Navigation

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: Apache Software License

Author: David Poirier

Tags azure ad, aws, sso

Requires: Python >= 3.6

Maintainers

Avatar for david.poirier from gravatar.com david.poirier

Classifiers

Project description

aws_azuread_login

Python 3.6+ library to enable ADFS auth against AWS

Installation

pip install aws-azuread-login

Usage

import aws_azuread_login
import botocore
import json

# authenticate against azuread application url
roles = aws_azuread_login.authenticate(os.environ['AWS_AZUREAD_ENTRY_URL']

# get creds one by one
for role in roles:
    try:
        print(f'Getting credentials for role {role.role_name} in account {role.account}...')
        credentials = role.get_credentials()
        client = credentials.get_client('ec2')
        response = client.describe_instances()
        print(json.dumps(response['Reservations'], indent=2, default=str))
    except botocore.exceptions.ClientError as e:
        print(f'\t 👎 Error getting credentials, skipping: {type(e)}, {str(e)}')


# get them all at once ('sts.AssumeRole' role errors are handled by aws_azuread_login)
multiple_credentials = aws_azuread_login.get_multiple_credentials(roles)
for credentials in multiple_credentials:
    client = credentials.get_client('ec2')
    response = client.describe_instances()
    print(json.dumps(response['Reservations'], indent=2, default=str))


# get clients in different regions
for credentials in multiple_credentials:
    client = credentials.get_client('ec2')
    response = client.describe_regions()
    for region in response['Regions']:
        region_name = region['RegionName']
        print(f'Creating client for region {region_name}...')
        client = credentials.get_client('ec2', region_name=region_name)
        response = client.describe_instances()
        print(json.dumps(response['Reservations'], indent=2, default=str))


# control the session duration, e.g. 12 hours (default is 1 hour)
credentials = roles[0].get_credentials(duration_seconds=60*60*12)
multiple_credentials = aws_azuread_login.get_mutiple_credentials(roles, duration_seconds=60*60*12)

Project details

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: Apache Software License

Author: David Poirier

Tags azure ad, aws, sso

Requires: Python >= 3.6

Maintainers

Avatar for david.poirier from gravatar.com david.poirier

Classifiers


Release history Release notifications | RSS feed

This version

1.2

1.1.2

1.1.1

1.1.0

1.0.5

1.0.4

1.0.3

1.0.2

1.0.1

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

aws_azuread_login-1.2.tar.gz (5.3 kB view hashes)

Uploaded source

Built Distribution

aws_azuread_login-1.2-py3-none-any.whl (9.3 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page