A CLI tool that allows you to log in and retrieve AWS temporary credentials using Red Hat SAML IDP

These details have not been verified by PyPI

Project links

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Project description

rh-aws-saml-login

PyPI - License

A CLI tool that allows you to log in and retrieve AWS temporary credentials using Red Hat SAML IDP.

demo

Pre-requisites

Python 3.11 or later
Connected to Red Hat VPN
A Red Hat managed computer (Kerberos must be installed and configured) and you are logged in with your Red Hat account

How it works

The rh-aws-saml-login CLI is a tool that simplifies the process of logging into an AWS account via Red Hat SSO. It retrieves a SAML token from the Red Hat SSO server, then fetches and parses the AWS SSO login page to present you with a list of all available accounts and their respective roles. You can then choose your desired account and role, and rh-aws-saml-login uses the SAML token to generate temporary AWS role credentials. Finally, it spawns a new shell with the necessary AWS_ environment variables already set up, so you can immediately use the aws CLI without any further configuration.

Installation

On CSB Fedora, you need to install the Kerberos development package:

sudo dnf install krb5-devel

You can install this library from PyPI with pip:

python3 -m pip install rh-aws-saml-login

or install it with pipx:

pipx install rh-aws-saml-login

You can also use pipx to run the library without installing it:

pipx run rh-aws-saml-login

Usage

rh-aws-saml-login

This spawns a new shell with the following environment variables are set:

AWS_ACCOUNT_NAME: The name/alias of the AWS account
AWS_ROLE_NAME: The name of the role
AWS_ROLE_ARN: The ARN of the role
AWS_ACCESS_KEY_ID: The access key used by the AWS CLI
AWS_SECRET_ACCESS_KEY: The secret access key used by the AWS CLI
AWS_SESSION_TOKEN: The session token used by the AWS CLI
AWS_REGION: The default region used by the AWS CLI

Features

rh-aws-saml-login currently provides the following features (get help with -h or --help):

No configuration needed
Uses Kerberos authentication
Open the AWS web console for an account with the --console option
Shell auto-completion (bash, zsh, and fish) including AWS account names

Integrates nicely with the starship

 [env_var.AWS_ACCOUNT_NAME]
 format = "$symbol$style [$env_value]($style) "
 style = "cyan"
 symbol = "🚀"

Development

Update CHANGELOG.md with the new version number and date
Bump the version number in pyproject.toml

Project details

These details have not been verified by PyPI

Project links

GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

This version

0.3.2

Apr 25, 2024

0.3.1

Apr 18, 2024

0.3.0

Mar 12, 2024

0.2.0

Feb 13, 2024

0.1.1

Feb 13, 2024

0.1.0

Feb 12, 2024

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

rh_aws_saml_login-0.3.2.tar.gz (8.0 kB view hashes)

Uploaded Apr 25, 2024 Source

Built Distribution

rh_aws_saml_login-0.3.2-py3-none-any.whl (8.1 kB view hashes)

Uploaded Apr 25, 2024 Python 3

Hashes for rh_aws_saml_login-0.3.2.tar.gz

Hashes for rh_aws_saml_login-0.3.2.tar.gz
Algorithm	Hash digest
SHA256	`b2b0ef68f1340b42347682c090d2fcae6574b5968498f2c72238a2aba5fe7737`
MD5	`5d837f187dba9037b178d89995f51d30`
BLAKE2b-256	`f2639dd3649b85d9304beeaad46879c8f8094963937e6105702d3d6660461b92`

Hashes for rh_aws_saml_login-0.3.2-py3-none-any.whl

Hashes for rh_aws_saml_login-0.3.2-py3-none-any.whl
Algorithm	Hash digest
SHA256	`94ed440d57ab37b9c9ae96e7e26596fe8c0deaf63f527dabeeb92bf103bf4c29`
MD5	`f438075d6cd69ebe0d0d1d0c542ccc06`
BLAKE2b-256	`0a1cc91f4cda51342e8bc613398a0b3faddf3f3030924d38593265ab1735cf12`