Generates AWS credentials for roles using STS
Project description
Generates AWS credentials for roles using STS and writes them to `~/.aws/credentials`
Usage
Simply pipe a SAML assertion into awssaml
```
# create credentials from saml assertion
$ oktaauth -u jobloggs | aws_role_credentials saml --profile dev
```
Or for assuming a role using an IAM user:
```
# create credentials from an iam user
$ aws_role_credentials user \
    arn:aws:iam::111111:role/dev jobloggs-session \
    --profile dev
```
For roles that require MFA:
```
# create credentials from an iam user with mfa
$ aws_role_credentials user \
    arn:aws:iam::111111:role/dev jobloggs-session \
    --profile dev \
    --mfa-serial-number arn:aws:iam::111111:mfa/Jo \
    --mfa-token 102345
```
Transient mode
`aws_role_credentials` also supports ‘transient’ mode, where the credentials are passed to a command as environment variables within the process. This adds an extra layer of safety and convenience.
To use transient mode simply pass a command to the `--exec` option like so:
```
# run 'aws s3 ls' with the generated role credentials from an iam user
$ aws_role_credentials user \
    arn:aws:iam::111111:role/dev jobloggs-session \
    --exec 'aws s3 ls'
```
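The idea behind transient mode, as an added sketch that is not the project's own code: temporary credentials are handed to one child process through its environment and never reach `~/.aws/credentials` or the parent's environment. The function names, the constructed sample credentials and the choice to split the command into argv without a shell are assumptions of this example.

```python
import os
import shlex
import subprocess
import sys

# Constructed placeholder values shaped like the "Credentials" member of an
# STS AssumeRole response; they are not real keys.
SAMPLE_CREDENTIALS = {
    "AccessKeyId": "EXAMPLE-ACCESS-KEY-ID",
    "SecretAccessKey": "constructed-secret-key",
    "SessionToken": "constructed-session-token",
}


def credentials_env(credentials, region="us-east-1", base_env=None):
    """Return a copy of base_env (default: os.environ) plus the role credentials."""
    env = dict(os.environ if base_env is None else base_env)
    env.update({
        "AWS_ACCESS_KEY_ID": credentials["AccessKeyId"],
        "AWS_SECRET_ACCESS_KEY": credentials["SecretAccessKey"],
        "AWS_SESSION_TOKEN": credentials["SessionToken"],
        "AWS_DEFAULT_REGION": region,
    })
    return env


def run_transient(command, credentials, region="us-east-1"):
    """Run a command string with the credentials visible only to that child.

    Nothing is written to ~/.aws/credentials and os.environ is left untouched.
    Assumption of this sketch: the string is split into argv, no shell is used.
    """
    result = subprocess.run(
        shlex.split(command),
        env=credentials_env(credentials, region),
        capture_output=True,
        text=True,
    )
    return result.returncode, result.stdout


if __name__ == "__main__":
    # Stand-in for 'aws s3 ls': a child that prints the key id it was given.
    child = shlex.quote(sys.executable) + \
        " -c \"import os; print(os.environ['AWS_ACCESS_KEY_ID'])\""
    print(run_transient(child, SAMPLE_CREDENTIALS))
```

Environment variables are inherited by every process the command itself starts, so the command passed this way should be one you trust with the role.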
Options
- `--profile`: Use a specific profile in your credential file (e.g. Development). Defaults to sts.
- `--region`: The region to use. Overrides config/env settings. Defaults to us-east-1.
- `--exec`: The command to execute with the AWS credentials.
Thanks
Thanks to Quint Van Deman of AWS for demonstrating how to do this. https://blogs.aws.amazon.com/security/post/Tx1LDN0UBGJJ26Q/How-to-Implement-Federated-API-and-CLI-Access-Using-SAML-2-0-and-AD-FS
Hashes for aws_role_credentials-0.6.1.tar.gz
Hashes for aws_role_credentials-0.6.1-py2.py3-none-any.whl
Hashes for aws_role_credentials-0.6.1-py2.6.egg