Skip to main content

SAML federated API access for AWS

Project description

As part of AWS Governance to enhance the security with the accounts and IAM users, Federated API access is recommended for AWS resources instead of hard-coded IAM AcessID and SecretKeys in the config file.

# Steps: - Install the python package based on the OS using below command:

For Linux environment, pip install awssamllinux For Windows environment, pip install awssamlwindows

  • Create a ‘configure’ file under ~/.aws directory without providing the values for access and secret keys

    [default] output = json region = us-east-1 aws_access_key_id = aws_secret_access_key =

  • Based on the Python version and installation, the script might throw errors due to missing modules on your system like below -

    requests html5lib configparser

  • Install the required modules:

    On Linux, pip install <module>

    Eg: pip install requests

    On Windows, easy_install <module>

    Eg: easy_install requests

  • Whenever you need SAML access to your AWS services, just the command:

  • This does the following:

    • Prompts the user for AD username/password and does SAML auth with our ADFS

      NOTE: Username has to be in the format rpega<networkID> Eg: rpegamn001

    • Based on SAML response, prompts the user to choose the roles available on AWS for that user

    • Then, stores the temporarily created credentials (using Amazon STS service) for the user in the .aws/credentials file along with STS token

    • Use API calls to work on AWS resources

    • Sample API call used in the script is for listing the S3 buckets, which is in Boto2.x format

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution (5.5 kB view hashes)

Uploaded source

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Fastly Fastly CDN Google Google Object Storage and Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page