This is a utility to obtain temporary Amazon Web Services (AWS) Security Token Service (STS) credentials for use on the local Command Line Interface (CLI).
This is an enhancement on the popular AWS Google Auth application, which uses a requests library to authenticate to Google before authenticating to AWS via SAML.
This application works similarly, however bypasses the need to authenticate into Google by using the user's existing Google web browser session to post the SAML assertion used for AWS authentication back to this application via local HTTP callback.
This project relies on Python (specifically, we've only tested on Python 3). Please first install Python3 using Brew
brew install pythonYou'll then need to configure profiles to use in your ~/.aws/config file. An example below:
[profile profile-name]
region = ap-southeast-2
account = 123456789012
google_config.google_idp_id = ABCDE1234
google_config.role_name = production-engineer
google_config.google_sp_id = 000000000000
Ready? Start the app with the following command
python3 google-saml-auth.py --profile profile-name// TODO: How to setup application in Google SAML Console