Generates AWS credentials for roles using STS
Project description
Generates AWS credentials for roles using STS and writes them to `~/.aws/credentials`
Usage
Simply pipe a SAML assertion into awssaml
# create credentials from saml assertion
$ oktaauth -u jobloggs | aws_role_credentials saml --profile dev
Or for assuming a role using an IAM user:
# create credentials from an iam user
$ aws_role_credentials user arn:aws:iam::111111:role/dev jobloggs-session --profile dev
For roles that require MFA:
# create credentials from an iam user with mfa
$ aws_role_credentials user arn:aws:iam::111111:role/dev jobloggs-session --profile dev --mfa-serial-number arn:aws:iam::111111:mfa/Jo --mfa-token 102345
Transient mode
`aws_role_credentials` also supports ‘transient’ mode, where the credentials are passed to a command as environment variables within the process. This adds an extra layer of safety and convenience.
To use transient mode simply pass a command to the `--exec` option like so:
# run 'aws s3 ls' with the generated role credentials from an iam user
$ aws_role_credentials user arn:aws:iam::111111:role/dev jobloggs-session --exec 'aws s3 ls'
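A sketch of what passing credentials "as environment variables within the process" amounts to. This is an added example, not the project's own code: the function names, the sample credentials and the list of cleared variables are assumptions, and the credentials dict follows the shape of the `Credentials` member of an STS AssumeRole response.

```python
import os
import shlex
import subprocess
import sys

# Variables that would compete with the injected role credentials (assumed list).
CONFLICTING = ("AWS_PROFILE", "AWS_DEFAULT_PROFILE", "AWS_SECURITY_TOKEN")

# Constructed sample values, not real credentials.
SAMPLE = {
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
    "SecretAccessKey": "constructed-secret-for-illustration",
    "SessionToken": "constructed-session-token",
}

# Harmless child command that reports the token it can see.
PROBE = "{} -c {}".format(
    shlex.quote(sys.executable),
    shlex.quote('import os; print(os.environ.get("AWS_SESSION_TOKEN"))'),
)


def child_environment(credentials, region, base_env=None):
    """Copy the environment and add the temporary credentials to the copy."""
    env = dict(os.environ if base_env is None else base_env)
    for name in CONFLICTING:
        env.pop(name, None)
    env.update({
        "AWS_ACCESS_KEY_ID": credentials["AccessKeyId"],
        "AWS_SECRET_ACCESS_KEY": credentials["SecretAccessKey"],
        "AWS_SESSION_TOKEN": credentials["SessionToken"],
        "AWS_DEFAULT_REGION": region,
    })
    return env


def run_transient(command, credentials, region="us-east-1"):
    """Run command so that only the child process sees the credentials."""
    argv = shlex.split(command)  # argv list, no shell re-parsing of the string
    done = subprocess.run(argv, env=child_environment(credentials, region),
                          capture_output=True, text=True)
    return done.returncode, done.stdout


if __name__ == "__main__":
    code, out = run_transient(PROBE, SAMPLE)
    print("child exit:", code, "child saw token:", out.strip())
    print("parent has token:", "AWS_SESSION_TOKEN" in os.environ)
```

The parent's own environment is never modified, so the temporary credentials disappear when the child exits.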
Options
- --profile
Use a specific profile in your credential file (e.g. Development). Defaults to sts.
- --region
The region to use. Overrides config/env settings. Defaults to us-east-1.
- --exec
The command to execute with the AWS credentials
Thanks
Thanks to Quint Van Deman of AWS for demonstrating how to do this. https://blogs.aws.amazon.com/security/post/Tx1LDN0UBGJJ26Q/How-to-Implement-Federated-API-and-CLI-Access-Using-SAML-2-0-and-AD-FS