SAML federated API access for AWS
Project description
As part of AWS Governance to enhance the security with the accounts and IAM users, Federated API access is recommended for AWS resources instead of hard-coded IAM AcessID and SecretKeys in the config file.
# Steps:
If this is the first time install of this python package, use below command:
For Python2.x version, pip install awssamlpy2 For Python3.x version, pip install awssamlpy3
To upgrade this python package to latest version, use below command:
For Python2.x version, pip install awssamlpy2 –upgrade For Python3.x version, pip install awssamlpy3 –upgrade
Create a ‘awssaml.properties’ (~/awssaml.properties) file under your user home directory like below -
[UserProp] aws-region=us-east-1 aws-outputformat=json idpurl=https://<Your Company AWS SAML Domain>/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=urn:amazon:webservices
Please refer to Mesh DOC-111675 for the idpurl
Create a ‘configure’ file under ~/.aws directory without providing the values for access and secret keys. Dont worry if haven’t yet; the package will automatically create one if this file is not present. You may just choose the output and region fields as per your need.
[default] output = json region = us-east-1 aws_access_key_id = aws_secret_access_key =
We have taken care to package the required modules. But if there are any additional packages required, install the missing modules based on the error encountered like below:
- On Linux, pip install <module>
Eg: pip install requests
- On Windows, easy_install <module>
Eg: easy_install requests
Whenever you need SAML access to your AWS services, just the command:
aws-saml
This does the following:
Verifies your ~/.aws/configure file to set the approriate region; OR creates one if its not present
- Prompts the user for AD username/password and does SAML auth with our ADFS
NOTE: Username has to be in the format <domain><networkID>
Based on SAML response, prompts the user to choose the roles available on AWS for that user
Then, stores the temporarily created credentials (using Amazon STS service) for the user in the ~/.aws/credentials file along with STS token
Use API calls to work on AWS resources
Sample API call used in the script is for listing the S3 buckets, which is in Boto2.x format
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file nh-awssamlpy2-1.0.8.0.tar.gz.
File metadata
- Download URL: nh-awssamlpy2-1.0.8.0.tar.gz
- Upload date:
- Size: 5.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.6.0 setuptools/41.0.1 requests-toolbelt/0.9.1 tqdm/4.32.2 CPython/2.7.16
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 9528395e99965a9812bf870eab89fcd8b643cc3ce17ccc8e5d2b525b36042571 |
|
| MD5 | cd5193c4dda31e93f9dd5c074cad9014 |
|
| BLAKE2b-256 | d9fed2c75522ff8ec9a228265e63ffcaeabbd450c612e9945c463a7d140a77f0 |
File details
Details for the file nh_awssamlpy2-1.0.8.0-py2-none-any.whl.
File metadata
- Download URL: nh_awssamlpy2-1.0.8.0-py2-none-any.whl
- Upload date:
- Size: 6.0 kB
- Tags: Python 2
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.6.0 setuptools/41.0.1 requests-toolbelt/0.9.1 tqdm/4.32.2 CPython/2.7.16
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | bfa0ff4e7821411d971f10f5e0043396638add38f083a22dfad071620b7f01a7 |
|
| MD5 | a338a62c7baf152f78e6694f6baa635a |
|
| BLAKE2b-256 | 1108420e42f1d00674cf3f41afc6ca7aad94a9d4a2f88e6f6b7577417690abae |
