A CLI tool that allows you to log in and retrieve AWS temporary credentials using Red Hat SAML IDP
Project description
rh-aws-saml-login
A CLI tool that allows you to log in and retrieve AWS temporary credentials using Red Hat SAML IDP.
Pre-requisites
- Python 3.11 or later
- Connected to Red Hat VPN
- A Red Hat managed computer (Kerberos must be installed and configured) and you are logged in with your Red Hat account
How it works
The rh-aws-saml-login
CLI is a tool that simplifies the process of logging into an AWS account via Red Hat SSO. It retrieves a SAML token from the Red Hat SSO server, then fetches and parses the AWS SSO login page to present you with a list of all available accounts and their respective roles. You can then choose your desired account and role, and rh-aws-saml-login
uses the SAML token to generate temporary AWS role credentials. Finally, it spawns a new shell with the necessary AWS_
environment variables already set up, so you can immediately use the aws
CLI without any further configuration.
Installation
On CSB Fedora, you need to install the Kerberos development package:
sudo dnf install krb5-devel
You can install this library from PyPI with pip
:
python3 -m pip install rh-aws-saml-login
or install it with pipx
:
pipx install rh-aws-saml-login
You can also use pipx
to run the library without installing it:
pipx run rh-aws-saml-login
Usage
rh-aws-saml-login
This spawns a new shell with the following environment variables are set:
AWS_ACCOUNT_NAME
: The name/alias of the AWS accountAWS_ROLE_NAME
: The name of the roleAWS_ROLE_ARN
: The ARN of the roleAWS_ACCESS_KEY_ID
: The access key used by the AWS CLIAWS_SECRET_ACCESS_KEY
: The secret access key used by the AWS CLIAWS_SESSION_TOKEN
: The session token used by the AWS CLIAWS_REGION
: The default region used by the AWS CLI
Features
rh-aws-saml-login currently provides the following features (get help with -h
or --help
):
-
No configuration needed
-
Uses Kerberos authentication
-
Open the AWS web console for an account with the
--console
option -
Shell auto-completion (bash, zsh, and fish) including AWS account names
-
Integrates nicely with the starship
[env_var.AWS_ACCOUNT_NAME] format = "$symbol$style [$env_value]($style) " style = "cyan" symbol = "🚀"
Development
- Update CHANGELOG.md with the new version number and date
- Bump the version number in pyproject.toml
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for rh_aws_saml_login-0.3.2-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 94ed440d57ab37b9c9ae96e7e26596fe8c0deaf63f527dabeeb92bf103bf4c29 |
|
MD5 | f438075d6cd69ebe0d0d1d0c542ccc06 |
|
BLAKE2b-256 | 0a1cc91f4cda51342e8bc613398a0b3faddf3f3030924d38593265ab1735cf12 |