awscli_saml_sso is a command line tool that aims to get temporary credentials from SAML identity provider in order to authenticate to awscli.
Project description
awscli_saml_sso is a command line tool that aims to get temporary credentials from SAML identity provider in order to authenticate to awscli.
Installation
You need a fully functional python 3 environment, then you can install tool from pypi:
pip install awscli-saml-ssoUsage
You only need to run the following command in terminal:
awscli_saml_sso
# Please configure your identity provider url [https://<fqdn>:<port>/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=urn:amazon:webservices]:
> ...
# Please choose the role you would like to assume:
# [ 0 ]: arn:aws:iam::<account_number>:role/<role_name>
# [ 1 ]: arn:aws:iam::<account_number>:role/<role_name>
# ...
# Selection: <select among numbered roles>
# ----------------------------------------------------------------
# Your new access key pair has been stored in the AWS configuration file /home/.aws/credentials under the saml profile.
# Note that it will expire at 2020-12-01 13:17:27+00:00.
# After this time, you may safely rerun this script to refresh your access key pair.
# To use this credential, call the AWS CLI with the --profile option (e.g. aws --profile saml ec2 describe-instances).
# ----------------------------------------------------------------
# Simple API example listing all S3 buckets:
# ['your-lovely-bucket', ...]ask you to fill in required identity provider url in the form of https://<fqdn>:<port>/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=urn:amazon:webservices
open web browser to fulfil SSO authentication through your identity provider
retrieve attached AWS roles and ask you to choose role you would like to assume
provide a saml profile in /home/.aws/credentials filled with temporary credentials
At the end, you just need to use AWS cofigured saml profile to authenticate your awscli calls
aws --profile saml ec2 describe-instancesOR
AWS_PROFILE=saml aws ec2 describe-instancesFeatures
Authenticate through SAML identity provider in web browser
Select among retrieved AWS roles you are allowed to assume
Store temporary credentials in aws configuration files
Contributing
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate.
Credits
AWS - How to Implement Federated API and CLI Access Using SAML 2.0 and AD FS
License
awscli_saml_sso is open source software released under the GNU GPLv3.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for awscli_saml_sso-0.2.1-py2.py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 54d324e25b92b712ef1dbd6a47d5c4ebd2549830ce935dc45e95f24226fb9790 |
|
| MD5 | 7c18164087562d39da11c944cf06c328 |
|
| BLAKE2b-256 | 8228f038828c062801183f66e157d8cf2afe6246cbfee5389e36ff6a752b179e |
