Enterprise companies have a strong desire to centralise identity management into a single platform/solution, like Azure AD, Auth0, Okta, G-suite SAML provider or others. In this scenario one can get access to AWS through Federated SAML SSO (you can read about it here).
But there's a problem: if you live and breathe AWS, you certanly loathe clicking around on the console and you insist scripting the hell of out your infrastructure management. In the end it's 2019 and Infrastructure as Code is not even a buzzword anymore.
This is a browser extensino that allows you to get your job done without any causing any trouble. The extension incercepts the SAMLResponse sent from the IdP to AWS and uses AWS assumeRoleWithSAML API to obtain a set of credentials that you can use from the AWS CLI or any other application.
The credentials file is automatically downloaded to your download folder as
you do the SAML login. The name of the file is set to always be
credentials (overwriting the file if necessary). This allows you to point
the AWS CLI to a stable file.
AWS CLI can read the location of the credentials file from the
environment. Setting
AWS_SHARED_CREDENTIALS_FILE to the credentials file in your browser's
download folder should do the trick.
Assuming browser downloads files to the folder Downloads in your home,
here is what you have to do.
On Linux/macOS: add the following to .bashrc or .bash_profile
export AWS_SHARED_CREDENTIALS_FILE=$HOME/Downloads/credentialsOn Windows: open the terminal and type the following (has to be done only once, the change will persist)
setx AWS_SHARED_CREDENTIALS_FILE C:\Users\<username>\Downloads\credentials- Christian Frichot's version of the same idea https://github.com/xntrik/aws-saml-capture-extension . We kinda worked on this at the same time.
- Dave Johnson https://github.com/sportradar/aws-azure-login . Uses a headless browser to do the authentication.
- G.T.C. (Gerard) Laan's version https://github.com/sportradar/aws-azure-login . Very similar and more customisable, I wasn't aware of it before writing my own solution.
- The more I look the more I find
Licensed under MIT License
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent