An aws-adfs spinoff that fits BYU's needs
Project description
awslogin
========
Python script for CLI and SDK access to AWS via ADFS while requiring MFA
access using https://duo.com/
History and Purpose
-------------------
BYU used to use the great
`aws-adfs <https://github.com/venth/aws-adfs>`__ CLI tool to login to
our AWS accounts. It worked great, especially the DUO 2FA support.
Eventually, we decided to write our own similar tool but make it
BYU-specific so that we could taylor it to our needs (which basically
means hard-code certain BYU-specific things) and remove some of the
required parameters. Since this tool will be used by BYU employees only
we had that option. We then morphed it a little more for our use cases.
This isn't something that you could use outside of BYU, sorry.
Installation
------------
- Install Python 3.x using your preferred method.
- See https://www.python.org/downloads/ for a windows installation
method.
- In linux you may be able to use apt, rpm or
https://www.python.org/downloads/.
- In Mac you can use homebrew, macports or
https://www.python.org/downloads/.
- Run ``pip3 install byu-awslogin``
Usage
-----
awslogin automatically sets up the default profile in your ~/.aws/config
and ~/.aws/credentials files. ***If you already have a default profile
you want to save in your ~/.aws files make sure to do that before
running awslogin.***
| Once you're logged in, you can execute commands using the AWS CLI or
AWS SDK. Try running ``aws s3 ls``.
| Currently, awslogin tokens are only valid for 1 hour due to the
assume\_role\_with\_saml AWS API call has a max timeout of 1 hour.
To use it:
- Run ``awslogin`` and it will prompt you for the AWS account and role
to use.
- Run ``awslogin --account <account name> --role <role name>`` to skip
the prompting for account and name. You could specify just one of the
arcuments as well.
Reporting bugs or requesting features
-------------------------------------
- Enter an issue on the github repo.
- Or, even better if you can, fix the issue and make a pull request.
Deploying changes
-----------------
- Update the version in the VERSION file.
- Commit the change and push. Handel-codepipeline will run the
automated tests and if they pass it will build and upload a new
version to pypi.
TODO
----
- gracefully handle the error case when the duo push is rejected
- Add support for profiles
- Authenticate once for 8 hours and rerun ``awslogin`` to relogin
- Write tests
- (Nate) index.py
- roles.py
- assume\_role.py
========
Python script for CLI and SDK access to AWS via ADFS while requiring MFA
access using https://duo.com/
History and Purpose
-------------------
BYU used to use the great
`aws-adfs <https://github.com/venth/aws-adfs>`__ CLI tool to login to
our AWS accounts. It worked great, especially the DUO 2FA support.
Eventually, we decided to write our own similar tool but make it
BYU-specific so that we could taylor it to our needs (which basically
means hard-code certain BYU-specific things) and remove some of the
required parameters. Since this tool will be used by BYU employees only
we had that option. We then morphed it a little more for our use cases.
This isn't something that you could use outside of BYU, sorry.
Installation
------------
- Install Python 3.x using your preferred method.
- See https://www.python.org/downloads/ for a windows installation
method.
- In linux you may be able to use apt, rpm or
https://www.python.org/downloads/.
- In Mac you can use homebrew, macports or
https://www.python.org/downloads/.
- Run ``pip3 install byu-awslogin``
Usage
-----
awslogin automatically sets up the default profile in your ~/.aws/config
and ~/.aws/credentials files. ***If you already have a default profile
you want to save in your ~/.aws files make sure to do that before
running awslogin.***
| Once you're logged in, you can execute commands using the AWS CLI or
AWS SDK. Try running ``aws s3 ls``.
| Currently, awslogin tokens are only valid for 1 hour due to the
assume\_role\_with\_saml AWS API call has a max timeout of 1 hour.
To use it:
- Run ``awslogin`` and it will prompt you for the AWS account and role
to use.
- Run ``awslogin --account <account name> --role <role name>`` to skip
the prompting for account and name. You could specify just one of the
arcuments as well.
Reporting bugs or requesting features
-------------------------------------
- Enter an issue on the github repo.
- Or, even better if you can, fix the issue and make a pull request.
Deploying changes
-----------------
- Update the version in the VERSION file.
- Commit the change and push. Handel-codepipeline will run the
automated tests and if they pass it will build and upload a new
version to pypi.
TODO
----
- gracefully handle the error case when the duo push is rejected
- Add support for profiles
- Authenticate once for 8 hours and rerun ``awslogin`` to relogin
- Write tests
- (Nate) index.py
- roles.py
- assume\_role.py
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
byu_awslogin-0.9.13.tar.gz
(8.8 kB
view hashes)
Built Distribution
Close
Hashes for byu_awslogin-0.9.13-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | b97a15a3c75672490a39839dea82b7d52f7afd69bbb843c35a6d1c669f4cade2 |
|
MD5 | e696c061b484e6dd3ca6705d58300fb3 |
|
BLAKE2b-256 | c073ad1040f20f3271e84b9b63ecf2c4c907a3197579f4b08087c03e2d662532 |