An aws-adfs spinoff that fits BYU's needs
Project description
awslogin
========
Python script for CLI and SDK access to AWS via ADFS while requiring MFA
access using https://duo.com/
History and Purpose
-------------------
BYU used to use the great
`aws-adfs <https://github.com/venth/aws-adfs>`__ CLI tool to login to
our AWS accounts. It worked great, especially the DUO 2FA support.
Eventually, we decided to write our own similar tool but make it
BYU-specific so that we could taylor it to our needs (which basically
means hard-code certain BYU-specific things) and remove some of the
required parameters. Since this tool will be used by BYU employees only
we had that option. We then morphed it a little more for our use cases.
This isn't something that you could use outside of BYU, sorry.
Installation
------------
- Install Python 3.x using your preferred method. See the `installation
options <INSTALLATION_OPTIONS.md>`__ page for step by step
instructions for installing in various environments.
- See https://www.python.org/downloads/ for a windows installation
method.
- In linux you may be able to use apt, rpm or
https://www.python.org/downloads/.
- In Mac you can use homebrew, macports or
https://www.python.org/downloads/.
- Run ``pip3 install byu-awslogin``
Usage
-----
awslogin defaults to the default profile in your ~/.aws/config and
~/.aws/credentials files. ***If you already have a default profile you
want to save in your ~/.aws files make sure to do that before running
awslogin.***
| Once you're logged in, you can execute commands using the AWS CLI or
AWS SDK. Try running ``aws s3 ls``.
| Currently, awslogin tokens are only valid for 1 hour due to the
assume\_role\_with\_saml AWS API call has a max timeout of 1 hour.
To use it:
- Run ``awslogin`` and it will prompt you for the AWS account and role
to use.
- Run ``awslogin --account <account name> --role <role name>`` to skip
the prompting for account and name. You could specify just one of the
arguments as well.
- Run ``awslogin --profile <profile name>`` to specifiy an alternative
profile
- Run ``awslogin -- --help`` for full help message
Reporting bugs or requesting features
-------------------------------------
- Enter an issue on the github repo.
- Or, even better if you can, fix the issue and make a pull request.
Deploying changes
-----------------
- Update the version in the VERSION file.
- Commit the change and push. Handel-codepipeline will run the
automated tests and if they pass it will build and upload a new
version to pypi.
TODO
----
- gracefully handle the error case when the duo push is rejected
- Add support for profiles
- Authenticate once for 8 hours and rerun ``awslogin`` to relogin
- Write tests
- roles.py
- assume\_role.py
========
Python script for CLI and SDK access to AWS via ADFS while requiring MFA
access using https://duo.com/
History and Purpose
-------------------
BYU used to use the great
`aws-adfs <https://github.com/venth/aws-adfs>`__ CLI tool to login to
our AWS accounts. It worked great, especially the DUO 2FA support.
Eventually, we decided to write our own similar tool but make it
BYU-specific so that we could taylor it to our needs (which basically
means hard-code certain BYU-specific things) and remove some of the
required parameters. Since this tool will be used by BYU employees only
we had that option. We then morphed it a little more for our use cases.
This isn't something that you could use outside of BYU, sorry.
Installation
------------
- Install Python 3.x using your preferred method. See the `installation
options <INSTALLATION_OPTIONS.md>`__ page for step by step
instructions for installing in various environments.
- See https://www.python.org/downloads/ for a windows installation
method.
- In linux you may be able to use apt, rpm or
https://www.python.org/downloads/.
- In Mac you can use homebrew, macports or
https://www.python.org/downloads/.
- Run ``pip3 install byu-awslogin``
Usage
-----
awslogin defaults to the default profile in your ~/.aws/config and
~/.aws/credentials files. ***If you already have a default profile you
want to save in your ~/.aws files make sure to do that before running
awslogin.***
| Once you're logged in, you can execute commands using the AWS CLI or
AWS SDK. Try running ``aws s3 ls``.
| Currently, awslogin tokens are only valid for 1 hour due to the
assume\_role\_with\_saml AWS API call has a max timeout of 1 hour.
To use it:
- Run ``awslogin`` and it will prompt you for the AWS account and role
to use.
- Run ``awslogin --account <account name> --role <role name>`` to skip
the prompting for account and name. You could specify just one of the
arguments as well.
- Run ``awslogin --profile <profile name>`` to specifiy an alternative
profile
- Run ``awslogin -- --help`` for full help message
Reporting bugs or requesting features
-------------------------------------
- Enter an issue on the github repo.
- Or, even better if you can, fix the issue and make a pull request.
Deploying changes
-----------------
- Update the version in the VERSION file.
- Commit the change and push. Handel-codepipeline will run the
automated tests and if they pass it will build and upload a new
version to pypi.
TODO
----
- gracefully handle the error case when the duo push is rejected
- Add support for profiles
- Authenticate once for 8 hours and rerun ``awslogin`` to relogin
- Write tests
- roles.py
- assume\_role.py
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
byu_awslogin-0.9.17.tar.gz
(9.6 kB
view hashes)
Built Distribution
Close
Hashes for byu_awslogin-0.9.17-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | f64d830c6762a5d6f9325e0ff00990acde926167ad2e2317e37ae2cb652560a6 |
|
MD5 | c29aed2ac267feb4267ff09741b6d55d |
|
BLAKE2b-256 | cbd19412fadb4078605275d6fad4bf6f2e4490724dd555f8c91e4693e6b8ac45 |