A CLI tool that allows you to log in and retrieve AWS temporary credentials using Red Hat SAML IDP
Project description
rh-aws-saml-login
A CLI tool that allows you to log in and retrieve AWS temporary credentials using Red Hat SAML IDP.
Pre-requisites
- Python 3.11 or later
- Connected to Red Hat VPN
- A Red Hat managed computer (Kerberos must be installed and configured) and you are logged in with your Red Hat account
How it works
The rh-aws-saml-login CLI is a tool that simplifies the process of logging into an AWS account via Red Hat SSO. It retrieves a SAML token from the Red Hat SSO server, then fetches and parses the AWS SSO login page to present you with a list of all available accounts and their respective roles. You can then choose your desired account and role, and rh-aws-saml-login uses the SAML token to generate temporary AWS role credentials. Finally, it spawns a new shell with the necessary AWS_ environment variables already set up, so you can immediately use the aws CLI without any further configuration.
Installation
On CSB Fedora, you need to install the Kerberos development package:
sudo dnf install krb5-devel
You can install this library from PyPI with pip:
python3 -m pip install rh-aws-saml-login
or install it with pipx:
pipx install rh-aws-saml-login
You can also use pipx to run the library without installing it:
pipx run rh-aws-saml-login
Usage
rh-aws-saml-login
This spawns a new shell with the following environment variables are set:
AWS_ACCOUNT_NAME: The name/alias of the AWS accountAWS_ROLE_NAME: The name of the roleAWS_ROLE_ARN: The ARN of the roleAWS_ACCESS_KEY_ID: The access key used by the AWS CLIAWS_SECRET_ACCESS_KEY: The secret access key used by the AWS CLIAWS_SESSION_TOKEN: The session token used by the AWS CLIAWS_REGION: The default region used by the AWS CLI
Features
rh-aws-saml-login currently provides the following features (get help with -h or --help):
-
No configuration needed
-
Uses Kerberos authentication
-
Open the AWS web console for an account with the
--consoleoption -
Shell auto-completion (bash, zsh, and fish) including AWS account names
-
Integrates nicely with the starship
[env_var.AWS_ACCOUNT_NAME] format = "$symbol$style [$env_value]($style) " style = "cyan" symbol = "🚀"
Development
- Update CHANGELOG.md with the new version number and date
- Bump the version number in pyproject.toml
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file rh_aws_saml_login-0.3.4.tar.gz.
File metadata
- Download URL: rh_aws_saml_login-0.3.4.tar.gz
- Upload date:
- Size: 7.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.3 CPython/3.11.7 Linux/4.18.0-553.16.1.el8_10.x86_64
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7520b69824ab9ad5ed93baf2c961aa78114ab24478609e36ce459f8394f8c897
|
|
| MD5 |
589aa81614d94b90c356fcc14a0a4086
|
|
| BLAKE2b-256 |
420131da0a6d6be5253882d80ad9c6845efde98043fb483d6cd2a9b62536c268
|
File details
Details for the file rh_aws_saml_login-0.3.4-py3-none-any.whl.
File metadata
- Download URL: rh_aws_saml_login-0.3.4-py3-none-any.whl
- Upload date:
- Size: 8.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.3 CPython/3.11.7 Linux/4.18.0-553.16.1.el8_10.x86_64
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
144a8664dfbbf6d5d982611799cbabbc488d1da5b2eb6b84fc0e9dc966cd1064
|
|
| MD5 |
78b61873024915362a12e0dced687dcc
|
|
| BLAKE2b-256 |
e73b4324f2e6276890d087ee9d959ad5c543f84759cb09e52460ece890a22c68
|
