
SAML federated API access for AWS

Project description

As part of AWS governance, and to improve the security of accounts and IAM users, federated API access is recommended for AWS resources instead of hard-coding an IAM access key ID and secret key in the config file.

Steps:

  • Install the Python package for your OS using the commands below:

    For a Linux environment: pip install awssamllinux

    For a Windows environment: pip install awssamlwindows

  • Create a ‘configure’ file under ~/.aws directory without providing the values for access and secret keys

    [default]
    output = json
    region = us-east-1
    aws_access_key_id =
    aws_secret_access_key =

  • Depending on the Python version and installation, the script might throw errors because modules such as the following are missing from your system:

    requests
    html5lib
    configparser

  • Install the required modules:

    On Linux, pip install <module>

    Eg: pip install requests

    On Windows, easy_install <module>

    Eg: easy_install requests

  • Whenever you need SAML access to your AWS services, just run the command:

    aws-saml.py

  • This does the following:

    • Prompts the user for AD username/password and does SAML auth with our ADFS

      NOTE: Username has to be in the format rpega<networkID> Eg: rpegamn001

    • Based on SAML response, prompts the user to choose the roles available on AWS for that user

    • Then, stores the temporarily created credentials (using Amazon STS service) for the user in the .aws/credentials file along with STS token

    • Use API calls to work on AWS resources

    • Sample API call used in the script is for listing the S3 buckets, which is in Boto2.x format


Download files


Source Distribution

awssamlwindows-0.0.1.zip (5.5 kB view details)

Uploaded Source

File details

Details for the file awssamlwindows-0.0.1.zip.

File metadata

  • Download URL: awssamlwindows-0.0.1.zip
  • Upload date:
  • Size: 5.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for awssamlwindows-0.0.1.zip
Algorithm Hash digest
SHA256 33c0e8155ad606f161a05949cd18814d3644bb7f04c49d4c59a1d9a9cd9663c5
MD5 1dc2f353e224ed92ed95da54a0a21bff
BLAKE2b-256 c21437ede82582e7c076f79eb9e2fed61ca13c6f70be11acd448984cddc44ca9

