SAML federated API access for AWS
Project description
As part of AWS governance, to improve the security of accounts and IAM users, federated API access is recommended for AWS resources instead of hard-coding IAM Access Key IDs and Secret Keys in the config file.
# Steps:
- Install the Python package for your OS using the command below:
  - For Linux environment: `pip install awssamllinux`
  - For Windows environment: `pip install awssamlwindows`
- Create a `configure` file under the `~/.aws` directory, leaving the values for the access and secret keys empty:

```ini
[default]
output = json
region = us-east-1
aws_access_key_id =
aws_secret_access_key =
```
- Depending on the Python version and installation, the script might throw errors due to missing modules on your system, such as:
  - requests
  - html5lib
  - configparser

  Install the required modules:
  - On Linux: `pip install <module>`, e.g. `pip install requests`
  - On Windows: `easy_install <module>`, e.g. `easy_install requests`
- Whenever you need SAML access to your AWS services, just run the command:

  `aws-saml.py`

  This does the following:
  - Prompts the user for the AD username/password and performs SAML authentication against our ADFS.
    NOTE: The username has to be in the format rpega<networkID>, e.g. rpegamn001
  - Based on the SAML response, prompts the user to choose one of the roles available on AWS for that user.
  - Then stores the temporary credentials created for the user (using the Amazon STS service) in the .aws/credentials file, along with the STS session token.
  - Use API calls to work on AWS resources. The sample API call in the script lists the S3 buckets and is written in Boto 2.x format.
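The role-selection and credential-caching half of the flow above, as an added example that is not the awssaml package's own script. It assumes the base64 SAML assertion has already been obtained from ADFS, uses boto3 (not the script's Boto 2.x) for the STS call, and writes to a demo path under the temp directory rather than `~/.aws/credentials`; the assertion and the credentials are constructed placeholders, and the file names and function names are assumptions.

```python
import base64
import configparser
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

SAML_NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"

# Constructed sample assertion (not a real ADFS response): two role/provider pairs,
# deliberately in both orders, since the Role attribute may list either ARN first.
SAMPLE_ASSERTION_XML = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:AttributeStatement>
    <saml2:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
      <saml2:AttributeValue>arn:aws:iam::123456789012:role/ReadOnly,arn:aws:iam::123456789012:saml-provider/ADFS</saml2:AttributeValue>
      <saml2:AttributeValue>arn:aws:iam::123456789012:saml-provider/ADFS,arn:aws:iam::123456789012:role/Admin</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""
SAMPLE_ASSERTION_B64 = base64.b64encode(SAMPLE_ASSERTION_XML.encode()).decode()

# Constructed placeholder credentials standing in for an STS AssumeRoleWithSAML response.
FAKE_CREDS = {
    "AccessKeyId": "ASIAEXAMPLEPLACEHOLDER",
    "SecretAccessKey": "examplesecretkeyplaceholder",
    "SessionToken": "exampleSessionTokenPlaceholder",
}
# Demo output path (assumption); the real script writes ~/.aws/credentials.
DEMO_CREDENTIALS_PATH = Path(tempfile.gettempdir()) / "awssaml_demo_credentials"


def parse_roles(saml_assertion_b64):
    """Return [(role_arn, principal_arn), ...] from the assertion's Role attribute."""
    root = ET.fromstring(base64.b64decode(saml_assertion_b64))
    roles = []
    for attr in root.iter(SAML_NS + "Attribute"):
        if attr.get("Name") != ROLE_ATTR:
            continue
        for value in attr.iter(SAML_NS + "AttributeValue"):
            parts = [p.strip() for p in (value.text or "").split(",")]
            role = [p for p in parts if ":role/" in p]
            provider = [p for p in parts if ":saml-provider/" in p]
            if len(role) == 1 and len(provider) == 1:  # skip malformed values
                roles.append((role[0], provider[0]))
    return roles


def choose_role(roles, pick=None):
    """Select a (role, provider) pair: automatically if only one, otherwise by index."""
    if not roles:
        raise ValueError("SAML assertion grants no AWS roles")
    if len(roles) == 1:
        return roles[0]
    if pick is None:  # interactive prompt, as the script does
        for i, (role, _) in enumerate(roles):
            print(f"[{i}] {role}")
        pick = int(input("Choose a role: "))
    return roles[pick]


def assume_role_with_saml(role_arn, principal_arn, saml_assertion_b64, duration=3600):
    """Exchange the assertion for temporary credentials (network call; boto3 assumed)."""
    import boto3  # assumption: boto3 installed; the page's script uses Boto 2.x

    sts = boto3.client("sts")  # AssumeRoleWithSAML needs no caller credentials
    resp = sts.assume_role_with_saml(
        RoleArn=role_arn, PrincipalArn=principal_arn,
        SAMLAssertion=saml_assertion_b64, DurationSeconds=duration,
    )
    return resp["Credentials"]


def write_credentials(creds, path, profile="saml"):
    """Store the temporary key pair plus session token under a profile in a credentials file."""
    path = Path(path)
    # interpolation=None so '%' characters in tokens are stored verbatim
    config = configparser.ConfigParser(interpolation=None)
    if path.exists():
        config.read(path)  # keep other profiles intact
    if not config.has_section(profile):
        config.add_section(profile)
    config.set(profile, "aws_access_key_id", creds["AccessKeyId"])
    config.set(profile, "aws_secret_access_key", creds["SecretAccessKey"])
    config.set(profile, "aws_session_token", creds["SessionToken"])
    with path.open("w") as fh:
        config.write(fh)
    path.chmod(0o600)  # credentials file should be readable by the owner only
    return path


def read_credentials(path, profile="saml"):
    """Read a profile back as a dict (configparser lower-cases the keys)."""
    config = configparser.ConfigParser(interpolation=None)
    config.read(path)
    return dict(config[profile])


if __name__ == "__main__":
    roles = parse_roles(SAMPLE_ASSERTION_B64)
    role_arn, principal_arn = choose_role(roles, pick=0)  # pick=None would prompt
    # Real flow: creds = assume_role_with_saml(role_arn, principal_arn, SAMPLE_ASSERTION_B64)
    out = write_credentials(FAKE_CREDS, DEMO_CREDENTIALS_PATH)
    print(f"{role_arn} -> wrote profile 'saml' to {out}")
```

The session token is written alongside the key pair because the temporary credentials from STS are unusable without it; the file is set to mode 0600 so the cached secrets are not readable by other local users.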