awssamlpy2

SAML federated API access for AWS

Project description

As part of AWS Governance to enhance the security with the accounts and IAM users, Federated API access is recommended for AWS resources instead of hard-coded IAM AccessID and SecretKeys in the config file.

# Steps:

If this is the first time install of this python package, use below command:

For Python2.x version, pip install awssamlpy2 For Python3.x version, pip install awssamlpy3
To upgrade this python package to latest version, use below command:

For Python2.x version, pip install awssamlpy2 –upgrade For Python3.x version, pip install awssamlpy3 –upgrade
Create a ‘.awssaml.properties’ (~/.awssaml.properties) file under your user home directory like below -

[UserProp] aws-region=us-east-1 aws-outputformat=json idpurl=https://<Your Company AWS SAML Domain>/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=urn:amazon:webservices

Please refer to Mesh DOC-111675 for the idpurl
Create a ‘configure’ file under ~/.aws directory without providing the values for access and secret keys. Dont worry if haven’t yet; the package will automatically create one if this file is not present. You may just choose the output and region fields as per your need.

[default] output = json region = us-east-1 aws_access_key_id = aws_secret_access_key =
We have taken care to package the required modules. But if there are any additional packages required, install the missing modules based on the error encountered like below:

On Linux, pip install <module>

Eg: pip install requests

On Windows, easy_install <module>

Eg: easy_install requests
Whenever you need SAML access to your AWS services, just the command:

aws-saml
This does the following:
- Verifies your ~/.aws/configure file to set the approriate region; OR creates one if its not present
  - Prompts the user for AD username/password and does SAML auth with our ADFS
    
    NOTE: Username has to be in the format <domain><networkID>
  - Based on SAML response, prompts the user to choose the roles available on AWS for that user
  - Then, stores the temporarily created credentials (using Amazon STS service) for the user in the ~/.aws/credentials file along with STS token
  - Use API calls to work on AWS resources
  - Sample API call used in the script is for listing the S3 buckets, which is in Boto2.x format

Project details

Release history Release notifications | RSS feed

This version

1.0.8.2

Aug 28, 2020

1.0.8.1

Jul 23, 2019

1.0.8.0

Jul 23, 2019

1.0.7.0

Nov 14, 2018

1.0.6.3

Mar 13, 2017

1.0.6.2

Feb 9, 2017

1.0.6.1

Nov 8, 2016

1.0.5.2

Nov 8, 2016

1.0.5

Oct 28, 2016

1.0.4

Oct 26, 2016

1.0.3

Oct 26, 2016

1.0.2

Oct 24, 2016

1.0.1

Oct 24, 2016

1.0.0

Oct 24, 2016

0.1.1

Oct 21, 2016

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

awssamlpy2-1.0.8.2-py2-none-any.whl (6.1 kB view details)

Uploaded Aug 28, 2020 Python 2

File details

Details for the file awssamlpy2-1.0.8.2-py2-none-any.whl.

File metadata

Download URL: awssamlpy2-1.0.8.2-py2-none-any.whl
Upload date: Aug 28, 2020
Size: 6.1 kB
Tags: Python 2
Uploaded using Trusted Publishing? No
Uploaded via: twine/1.15.0 pkginfo/1.5.0.1 requests/2.6.0 setuptools/44.1.1 requests-toolbelt/0.9.1 tqdm/4.48.2 CPython/2.7.16

File hashes

Hashes for awssamlpy2-1.0.8.2-py2-none-any.whl
Algorithm	Hash digest
SHA256	`4c385baa828f936e3546add41ff81abd92d9a594700f125ec93495db443cbee0`
MD5	`3149a466084d9443e4c8884478b5b6a0`
BLAKE2b-256	`20aaa4f42ed902fb7e86d087836257158f6122eacc7551ee3e3dfcf1466a1be7`