Python 3.6+ library to enable programmatic Azure AD auth against AWS

Navigation

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: Apache Software License

Author: David Poirier

Tags azure ad, aws, sso

Requires: Python >= 3.6

Maintainers

Avatar for david.poirier from gravatar.com david.poirier

Classifiers

Project description

aws_azuread_login

Python 3.6+ library to enable ADFS auth against AWS

Installation

pip install aws-azuread-login

Usage

import aws_azuread_login
import botocore
import json

# authenticate against azuread application url
roles = aws_azuread_login.authenticate(os.environ['AWS_AZUREAD_ENTRY_URL']

# get creds one by one
for role in roles:
    try:
        print(f'Getting credentials for role {role.role_name} in account {role.account}...')
        credentials = role.get_credentials()
        client = credentials.get_client('ec2')
        response = client.describe_instances()
        print(json.dumps(response['Reservations'], indent=2, default=str))
    except botocore.exceptions.ClientError as e:
        print(f'\t 👎 Error getting credentials, skipping: {type(e)}, {str(e)}')


# get them all at once ('sts.AssumeRole' role errors are handled by aws_azuread_login)
multiple_credentials = aws_azuread_login.get_multiple_credentials(roles)
for credentials in multiple_credentials:
    client = credentials.get_client('ec2')
    response = client.describe_instances()
    print(json.dumps(response['Reservations'], indent=2, default=str))


# get clients in different regions
for credentials in multiple_credentials:
    client = credentials.get_client('ec2')
    response = client.describe_regions()
    for region in response['Regions']:
        region_name = region['RegionName']
        print(f'Creating client for region {region_name}...')
        client = credentials.get_client('ec2', region_name=region_name)
        response = client.describe_instances()
        print(json.dumps(response['Reservations'], indent=2, default=str))


# control the session duration, e.g. 12 hours (default is 1 hour)
credentials = roles[0].get_credentials(duration_seconds=60*60*12)
multiple_credentials = aws_azuread_login.get_mutiple_credentials(roles, duration_seconds=60*60*12)

Project details

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: Apache Software License

Author: David Poirier

Tags azure ad, aws, sso

Requires: Python >= 3.6

Maintainers

Avatar for david.poirier from gravatar.com david.poirier

Classifiers


Release history Release notifications | RSS feed

This version

1.2

1.1.2

1.1.1

1.1.0

1.0.5

1.0.4

1.0.3

1.0.2

1.0.1

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for aws-azuread-login, version 1.2
Filename, size File type Python version Upload date Hashes
Filename, size aws_azuread_login-1.2-py3-none-any.whl (9.3 kB) File type Wheel Python version py3 Upload date Hashes View
Filename, size aws_azuread_login-1.2.tar.gz (5.3 kB) File type Source Python version None Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring DigiCert DigiCert EV certificate Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page