Generates AWS credentials for roles using STS
Project description
Generates AWS credentials for roles using STS and writes them to `~/.aws/credentials`
Usage
Simply pipe a SAML assertion into awssaml:

```
# create credentials from saml assertion
$ oktaauth -u jobloggs | aws_role_credentials saml --profile dev
```
Or for assuming a role using an IAM user:
```
# create credentials from an iam user
$ aws_role_credentials user \
    arn:aws:iam::111111:role/dev jobloggs-session \
    --profile dev
```
For roles that require MFA:
```
# create credentials from an iam user with mfa
$ aws_role_credentials user \
    arn:aws:iam::111111:role/dev jobloggs-session \
    --profile dev \
    --mfa-serial-number arn:aws:iam::111111:mfa/Jo \
    --mfa-token 102345
```
Transient mode
`aws_role_credentials` also supports ‘transient’ mode, where the credentials are passed to a command as environment variables within the process. This adds an extra layer of safety and convenience.
To use transient mode simply pass a command to the `--exec` option like so:
```
# run 'aws s3 ls' with the generated role credentials from an iam user
$ aws_role_credentials user \
    arn:aws:iam::111111:role/dev jobloggs-session \
    --exec 'aws s3 ls'
```
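What transient mode amounts to, as an added example that is not taken from the aws_role_credentials source: temporary credentials are placed in a copy of the environment that only the child command receives. The function names, the constructed sample credentials and the use of `shlex.split` instead of a shell are assumptions.

```python
import os
import shlex
import subprocess
import sys

# Constructed values shaped like the Credentials block of an STS AssumeRole
# response; they are not real keys.
SAMPLE_CREDENTIALS = {
    "AccessKeyId": "EXAMPLEACCESSKEYID",
    "SecretAccessKey": "constructed-secret-key",
    "SessionToken": "constructed-session-token",
}

# Environment variable names the AWS CLI and SDKs read credentials from.
ENV_NAMES = {
    "AccessKeyId": "AWS_ACCESS_KEY_ID",
    "SecretAccessKey": "AWS_SECRET_ACCESS_KEY",
    "SessionToken": "AWS_SESSION_TOKEN",
}


def child_environment(credentials, base_env=None):
    """Copy the caller's environment and add the role credentials to the copy."""
    env = dict(os.environ if base_env is None else base_env)
    for field, name in ENV_NAMES.items():
        env[name] = credentials[field]  # KeyError if the STS output is incomplete
    return env


def run_transient(command, credentials):
    """Run command (the string given to --exec) with credentials in its env only."""
    argv = shlex.split(command)  # assumption: the command is not run through a shell
    return subprocess.run(argv, env=child_environment(credentials),
                          capture_output=True, text=True, check=False)


def demo():
    """The child reports the token it sees; the parent's environment is untouched."""
    probe = shlex.join([sys.executable, "-c",
                        "import os; print(os.environ['AWS_SESSION_TOKEN'])"])
    result = run_transient(probe, SAMPLE_CREDENTIALS)
    in_parent = any(name in os.environ for name in ENV_NAMES.values())
    return result.stdout.strip(), in_parent


if __name__ == "__main__":
    print(demo())
```

The credentials live only as long as the child process and are never written to `~/.aws/credentials`, though any process the child itself spawns inherits them.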
Options
- `--profile`
  Use a specific profile in your credential file (e.g. Development). Defaults to sts.
- `--region`
  The region to use. Overrides config/env settings. Defaults to us-east-1.
- `--exec`
  The command to execute with the AWS credentials.
Thanks
Thanks to Quint Van Deman of AWS for demonstrating how to do this. https://blogs.aws.amazon.com/security/post/Tx1LDN0UBGJJ26Q/How-to-Implement-Federated-API-and-CLI-Access-Using-SAML-2-0-and-AD-FS
Hashes for aws_role_credentials-0.6.0.tar.gz
Hashes for aws_role_credentials-0.6.0.linux-x86_64.tar.gz
Hashes for aws_role_credentials-0.6.0-py2.py3-none-any.whl
Hashes for aws_role_credentials-0.6.0-py2.6.egg