Generates AWS credentials for roles using STS
Project description
Generates AWS credentials for roles using STS and writes them to `~/.aws/credentials`
Usage
Simply pipe a SAML assertion into awssaml
    # create credentials from saml assertion
    $ oktaauth -u jobloggs | aws_role_credentials saml --profile dev
Or for assuming a role using an IAM user:
    # create credentials from an iam user
    $ aws_role_credentials user \
        arn:aws:iam::111111:role/dev jobloggs-session \
        --profile dev
For roles that require MFA:
    # create credentials from an iam user with mfa
    $ aws_role_credentials user \
        arn:aws:iam::111111:role/dev jobloggs-session \
        --profile dev \
        --mfa-serial-number arn:aws:iam::111111:mfa/Jo \
        --mfa-token 102345
Transient mode
`aws_role_credentials` also supports ‘transient’ mode, where the credentials are passed to a command as environment variables within the process. This adds an extra layer of safety and convenience.
To use transient mode simply pass a command to the `--exec` option like so:
    # run 'aws s3 ls' with the generated role credentials from an iam user
    $ aws_role_credentials user \
        arn:aws:iam::111111:role/dev jobloggs-session \
        --exec 'aws s3 ls'
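The difference between writing a profile and transient mode, as an added sketch that is not `aws_role_credentials`' own code: the function names, the constructed sample credentials and the temporary file standing in for `~/.aws/credentials` are assumptions, and the key and variable names are the standard ones the AWS CLI reads.

```python
import configparser
import os
import subprocess
import sys
import tempfile

# Constructed sample shaped like the "Credentials" element of an STS
# AssumeRole response; the values are placeholders, not real keys.
SAMPLE_CREDS = {
    "AccessKeyId": "ASIAEXAMPLEACCESSKEY",
    "SecretAccessKey": "constructed-secret-key",
    "SessionToken": "constructed-session-token",
}

def write_profile(creds, profile, path):
    """Persistent mode: store the credentials under [profile] in an INI file."""
    config = configparser.RawConfigParser()
    config.read(path)  # keep any other profiles already in the file
    if not config.has_section(profile):
        config.add_section(profile)
    config.set(profile, "aws_access_key_id", creds["AccessKeyId"])
    config.set(profile, "aws_secret_access_key", creds["SecretAccessKey"])
    config.set(profile, "aws_session_token", creds["SessionToken"])
    # Mode 0600 applies when the file is newly created: owner read/write only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        config.write(handle)

def run_transient(creds, argv):
    """Transient mode: hand the credentials to one child process via its environment."""
    env = dict(os.environ)  # copy, so the parent environment is left untouched
    env["AWS_ACCESS_KEY_ID"] = creds["AccessKeyId"]
    env["AWS_SECRET_ACCESS_KEY"] = creds["SecretAccessKey"]
    env["AWS_SESSION_TOKEN"] = creds["SessionToken"]
    return subprocess.run(argv, env=env, capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "credentials")  # stand-in for ~/.aws/credentials
        write_profile(SAMPLE_CREDS, "dev", path)
        print(open(path).read())
    child = [sys.executable, "-c", "import os; print(os.environ['AWS_ACCESS_KEY_ID'])"]
    print(run_transient(SAMPLE_CREDS, child).strip())
```

In the persistent case the session credentials stay on disk until they are overwritten or expire; in the transient case they exist only in the environment of the child process and anything it spawns.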
Options
- --profile
Use a specific profile in your credential file (e.g. Development). Defaults to sts.
- --region
The region to use. Overrides config/env settings. Defaults to us-east-1.
- --exec
The command to execute with the AWS credentials.
Thanks
Thanks to Quint Van Deman of AWS for demonstrating how to do this. https://blogs.aws.amazon.com/security/post/Tx1LDN0UBGJJ26Q/How-to-Implement-Federated-API-and-CLI-Access-Using-SAML-2-0-and-AD-FS
Hashes for aws_role_credentials-0.5.0.tar.gz
Hashes for aws_role_credentials-0.5.0.linux-x86_64.tar.gz
Hashes for aws_role_credentials-0.5.0-py2.py3-none-any.whl
Hashes for aws_role_credentials-0.5.0-py2.6.egg