Generates AWS credentials for roles using STS
Project description
Generates AWS credentials for roles using STS and writes them to `~/.aws/credentials`
Usage
Simply pipe a SAML assertion into awssaml
# create credentials from saml assertion
$ oktaauth -u jobloggs | aws_role_credentials saml –profile dev
Or for assuming a role using an IAM user:
# create credentials from an iam user
$ aws_role_credentials user arn:aws:iam::111111:role/dev jobloggs-session –profile dev
For roles that require MFA:
# create credentials from an iam user with mfa
$ aws_role_credentials user arn:aws:iam::111111:role/dev jobloggs-session –profile dev –mfa-serial-number arn:aws:iam::111111:mfa/Jo –mfa-token 102345
Transient mode
`aws_role_credentials` also supports ‘transient’ mode where the credentials are passed to a command as environment variables within the process. This adds an extra layer of safety and convinience.
To use transient mode simply pass a command to the `--exec` option like so:
# run ‘aws s3 ls’ with the generated role credentials from an iam user
$ aws_role_credentials user arn:aws:iam::111111:role/dev jobloggs-session –exec ‘aws s3 ls’
Options
- --profile
Use a specific profile in your credential file (e.g. Development). Defaults to sts.
- --region
The region to use. Overrides config/env settings. Defaults to us-east-1.
- --exec
The command to execute with the AWS credentials
Thanks
Thanks to Quint Van Deman of AWS for demonstrating how to do this. https://blogs.aws.amazon.com/security/post/Tx1LDN0UBGJJ26Q/How-to-Implement-Federated-API-and-CLI-Access-Using-SAML-2-0-and-AD-FS
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
File details
Details for the file aws_role_credentials-0.4.0.tar.gz.
File metadata
- Download URL: aws_role_credentials-0.4.0.tar.gz
- Upload date:
- Size: 18.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 0136437a3ac9db7f499f1da2d38cf24ea24e064933e073b57efba011cc422fb1 |
|
| MD5 | 4b4190ec1e9b2541654d59e05b2daec6 |
|
| BLAKE2b-256 | 3a46f2ebca96c29f7fddda586563919e7774d4cf705f42300050aa95e8326311 |
File details
Details for the file aws_role_credentials-0.4.0.linux-x86_64.tar.gz.
File metadata
- Download URL: aws_role_credentials-0.4.0.linux-x86_64.tar.gz
- Upload date:
- Size: 9.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | cb37ed14161d00217f4643270d030a94d2a3ca95574678c4698006d3ca3f785d |
|
| MD5 | ecd9d158b4ee42c0e5beb5aa1ab7c57c |
|
| BLAKE2b-256 | 3b3af9279640708e107e7a18600d73e8b6c3dcfa3a9868f12479e9b04128dc2c |
File details
Details for the file aws_role_credentials-0.4.0-py2.py3-none-any.whl.
File metadata
- Download URL: aws_role_credentials-0.4.0-py2.py3-none-any.whl
- Upload date:
- Size: 8.6 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | b74c51cf56fe8da59e5acee0ce46312cc593098a5835a021ec71cccce5c8cbe7 |
|
| MD5 | 974b18e0a76c35e23835faf9c5ac64c0 |
|
| BLAKE2b-256 | 410a7d82e6b8c26159f309cc9a6162be13bb895a267bfa9fde5053962fde7940 |
File details
Details for the file aws_role_credentials-0.4.0-py2.6.egg.
File metadata
- Download URL: aws_role_credentials-0.4.0-py2.6.egg
- Upload date:
- Size: 12.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | f494f3bec9ec8f001b4c51ef9bfa668e353c1790846de8e9140d4982e80cf9e7 |
|
| MD5 | 1272679b382763e95da9e52a23b507d1 |
|
| BLAKE2b-256 | 1f47317cf01827ecabed6614af6496300c95fd99b4f9aa09908d8b32ab3432ef |
