Generates AWS credentials for roles using STS
Generates AWS credentials for roles using STS and writes them to `~/.aws/credentials`
Simply pipe a SAML assertion into awssaml
# create credentials from saml assertion $ oktaauth -u jobloggs | aws_role_credentials saml --profile dev
Or for assuming a role using an IAM user:
# create credentials from an iam user $ aws_role_credentials user \ arn:aws:iam::111111:role/dev jobloggs-session \ --profile dev
For roles that require MFA:
# create credentials from an iam user with mfa $ aws_role_credentials user \ arn:aws:iam::111111:role/dev jobloggs-session \ --profile dev \ --mfa-serial-number arn:aws:iam::111111:mfa/Jo \ --mfa-token 102345
`aws_role_credentials` also supports ‘transient’ mode where the credentials are passed to a command as environment variables within the process. This adds an extra layer of safety and convinience.
To use transient mode simply pass a command to the `--exec` option like so:
# run 'aws s3 ls' with the generated role credentials from an iam user $ aws_role_credentials user \ arn:aws:iam::111111:role/dev jobloggs-session \ --exec 'aws s3 ls'
--profile Use a specific profile in your credential file (e.g. Development). Defaults to sts. --region The region to use. Overrides config/env settings. Defaults to us-east-1. --exec The command to execute with the AWS credentials
Thanks to Quint Van Deman of AWS for demonstrating how to do this. https://blogs.aws.amazon.com/security/post/Tx1LDN0UBGJJ26Q/How-to-Implement-Federated-API-and-CLI-Access-Using-SAML-2-0-and-AD-FS
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|File Name & Checksum SHA256 Checksum Help||Version||File Type||Upload Date|
|aws_role_credentials-0.6.3-py2.py3-none-any.whl (9.5 kB) Copy SHA256 Checksum SHA256||2.6||Wheel||Mar 23, 2017|
|aws_role_credentials-0.6.3.tar.gz (19.6 kB) Copy SHA256 Checksum SHA256||–||Source||Mar 23, 2017|