aws-runas
gimme-aws-creds
aws-runas | gimme-aws-creds | |
---|---|---|
5 | 5 | |
86 | 907 | |
- | 0.7% | |
4.1 | 7.9 | |
14 days ago | 9 days ago | |
Go | Python | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
aws-runas
- How do you get CLI credentials for a federated role?
-
session manager vs plain old ssh
I use aws-runas, the 3.x versions have builtin support for using session manager with shell and port forwarding.
-
Forcing users to authenticate with MFA
I can't comment on your particular MFA policy issue, but you could consider adding aws-runas to your workflow. Although mostly written for assuming roles, I have used it with session tokens with much success. The logic to assume roles using MFA actually calls the get-session-token API under the covers so the session token credentials indicating MFA was used are leveraged to get the role credentials.
-
aws-runas - Make using IAM roles easier
Version 3.0 is available for download from Github: https://github.com/mmmorris1975/aws-runas/releases/latest
-
Problems using a profile with assumed role
Have you considered a tool like aws-runas? It makes these sort of interactions much easier, and in the coming major release it will support all of the different Assume Role mechanics (IAM, SAML, and Web Identity). It currently handles IAM and SAML.
gimme-aws-creds
- Script or software that automatically populate specific profile in ~/.aws/credentials
-
Getting AWS CLI credentials through Okta SSO?
I got gimme-aws-creds (https://github.com/Nike-Inc/gimme-aws-creds) to authenticate via Okta - but no AWS roles are found in the SAML response. It works fine through the AWS console.
- How do you get CLI credentials for a federated role?
-
How to use AWS CLI with Okta?
Gimme creds works nicely: https://github.com/Nike-Inc/gimme-aws-creds
-
Securing AWS API credentials and access to AWS API
AWS has always lagged behind is offering reasonable native authentication options to its console and CLI. In order to support something like "yubikey" you need to go with another authentication and authorization provider such as Okta which provides support for a wide variety of MFA options. Then you can also use open source tooling such as https://github.com/Nike-Inc/gimme-aws-creds to grab temporary credentials. Okta is the one I'm most familiar but there are others out there as well.
What are some alternatives?
saml2aws - CLI tool which enables you to login and retrieve AWS temporary credentials using a SAML IDP
aws-mfa - Manage AWS MFA Security Credentials
okta-aws-cli-assume-role - Okta AWS CLI Assume Role Tool
zitadel - ZITADEL - The best of Auth0 and Keycloak combined. Built for the serverless era.
sceptre - Build better AWS infrastructure
trackiam - A project to collate IAM actions, AWS APIs and managed policies from various public sources.
awsume - A utility for easily assuming AWS IAM roles from the command line.
awsu - Enhanced account switching for AWS, supports Yubikey as MFA source
terraform-provider-aws - The AWS Provider enables Terraform to manage AWS resources.
aws-vault - A vault for securely storing and accessing AWS credentials in development environments