trackiam
aws-runas
trackiam
- Plan using ReadOnlyAccess
Is it possible to reasonably plan but not apply with https://github.com/glassechidna/trackiam/blob/master/policies/ReadOnlyAccess.json ?
- Minimal IAM policy for a (read-only) plan on AWS?
- AWS IAM Tracker
- AWS federation comes to GitHub Actions
Shoutouts to Aidan, he always manages to dig up some real obscure AWS insights!
I can recommend checking out his trackiam project too: https://github.com/glassechidna/trackiam
aws-runas
- How do you get CLI credentials for a federated role?
- session manager vs plain old ssh
I use aws-runas, the 3.x versions have builtin support for using session manager with shell and port forwarding.
- Forcing users to authenticate with MFA
I can't comment on your particular MFA policy issue, but you could consider adding aws-runas to your workflow. Although mostly written for assuming roles, I have used it with session tokens with much success. The logic to assume roles using MFA actually calls the get-session-token API under the covers so the session token credentials indicating MFA was used are leveraged to get the role credentials.
- aws-runas - Make using IAM roles easier
Version 3.0 is available for download from GitHub: https://github.com/mmmorris1975/aws-runas/releases/latest
- Problems using a profile with assumed role
Have you considered a tool like aws-runas? It makes these sorts of interactions much easier, and in the coming major release it will support all of the different Assume Role mechanics (IAM, SAML, and Web Identity). It currently handles IAM and SAML.
What are some alternatives?
aws-cct - AWS Cost Comparison Tool - Moved to https://gitlab.agodadev.io/partnertech/aws-cct
gimme-aws-creds - A CLI that utilizes Okta IdP via SAML to acquire temporary AWS credentials
aws-redis-iam-auth-golang - Using IAM authentication for Redis on AWS
saml2aws - CLI tool which enables you to login and retrieve AWS temporary credentials using a SAML IDP
vault-demo
aws-mfa - Manage AWS MFA Security Credentials
aws
zitadel - ZITADEL - The best of Auth0 and Keycloak combined. Built for the serverless era.
awsdtc - AWS Data Transfer Cost Explorer
awsu - Enhanced account switching for AWS, supports Yubikey as MFA source
gitlab
aws-vault - A vault for securely storing and accessing AWS credentials in development environments