Get temporary AWS CLI credentials using ForgeRock SSO. i.e. gimme-aws-creds or okta-aws-cli. #290

Open
chicodeme opened this issue Oct 3, 2023 · 0 comments

@chicodeme

So it looks like this utility calls SAML to Okta via an API call, then parses the HTML for the assertion. It then uses the aws_auth.get_sts_token Python library to exchange that for an AWS token that you then set via environment variables and continue to use the AWS CLI. Glancing at https://github.com/okta-awscli/okta-awscli/blob/main/oktaawscli/okta_awscli.py

    """ Outputs STS credentials to console """
    exports = "\n".join([
        "export AWS_ACCESS_KEY_ID=%s" % access_key_id,
        "export AWS_SECRET_ACCESS_KEY=%s" % secret_access_key,
        "export AWS_SESSION_TOKEN=%s" % session_token
    ])

This helps because everyone sticks to the ForgeRock IdP and does not start creating local AWS accounts for this. Local accounts easily get out of control and are hard to track and manage.

chicodeme added the enhancement label Oct 3, 2023
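
The flow described in the issue (parse the IdP's HTML for the assertion, then exchange it at STS), as an added example that is not part of the original issue or of okta-awscli: it extracts the `SAMLResponse` form field and lists the role and provider ARN pairs the assertion offers. The account ID, the `ExampleIdP` and `ExampleReadOnly` names, and the sample HTML are constructed.

```python
import base64
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

class SamlFormParser(HTMLParser):
    """Collects the value of <input name="SAMLResponse"> from the IdP page."""
    assertion = None

    def handle_starttag(self, tag, attrs):
        fields = dict(attrs)
        if tag == "input" and fields.get("name") == "SAMLResponse":
            self.assertion = fields.get("value")

def extract_assertion(html):
    """Return the base64 assertion, or raise if the login did not yield one."""
    parser = SamlFormParser()
    parser.feed(html)
    if not parser.assertion:
        raise ValueError("no SAMLResponse field in IdP response")
    return parser.assertion

def roles_in_assertion(assertion_b64):
    """Return (role_arn, principal_arn) pairs from the AWS Role attribute."""
    root = ET.fromstring(base64.b64decode(assertion_b64))
    pairs = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") != ROLE_ATTR:
            continue
        for value in attr.iterfind("saml:AttributeValue", NS):
            arns = [a.strip() for a in (value.text or "").split(",")]
            role = next((a for a in arns if ":role/" in a), None)
            principal = next((a for a in arns if ":saml-provider/" in a), None)
            if role and principal:  # the two ARNs may appear in either order
                pairs.append((role, principal))
    return pairs

# Constructed sample: a minimal assertion inside the auto-submit form an IdP returns.
_XML = ("<samlp:Response xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol' "
        "xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'><saml:Assertion>"
        "<saml:AttributeStatement><saml:Attribute Name='" + ROLE_ATTR + "'>"
        "<saml:AttributeValue>arn:aws:iam::123456789012:saml-provider/ExampleIdP,"
        "arn:aws:iam::123456789012:role/ExampleReadOnly</saml:AttributeValue>"
        "</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>")
SAMPLE_HTML = ('<form method="post" action="https://signin.aws.amazon.com/saml">'
               '<input type="hidden" name="SAMLResponse" value="%s"/></form>'
               % base64.b64encode(_XML.encode()).decode())
```

Each pair, together with the base64 assertion, maps to the `RoleArn`, `PrincipalArn` and `SAMLAssertion` parameters of the STS AssumeRoleWithSAML call. STS itself validates the assertion's signature, so this parsing only selects a role.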