Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
ui
 
 
 
 
 
 
 
 
 
 
 
 

AWS Credentials Issuer

Goals

When using AWS with federated authentication with SAML it is tricky to generate access and secret keys. The idea behind this project is to have your identity provider control AWS access via JWT claims. That is, should a users JWT contain a claim of roles which is an array of Amazon role ARNs the lambda function will execute an AssumeRole and return the credentials.

Additionally, the service generates federated sign on URLs for console access.

Example:

Get a sign in URL:

curl -i https://api-gateway/dev/api/login?role=arn:aws:iam::account-id:role/role-name -H "Authorization: bearer JWT-TOKEN"
HTTP/2 301
content-type: application/json
content-length: 0
location: https://signin.aws.amazon.com/federation?Action=login&Issuer=aws-credentials-issuer&Destination=https%3A%2F%2Fconsole.aws.amazon.com&SigninToken=SIGN_IN_TOKEN
date: Sun, 25 Nov 2018 22:55:37 GMT
x-amzn-requestid: 39157c93-f105-11e8-b9c8-e97c811258c0
x-amz-apigw-id: Q8NAZEkrFiAFsig=
x-amzn-trace-id: Root=1-5bfb2868-ebb115d00468a2303cff1f30;Sampled=0
x-cache: Miss from cloudfront
via: 1.1 6e3453a91a5fc5982955003a408b061d.cloudfront.net (CloudFront)
x-amz-cf-id: zpwf0oPhNhV1PbKXzQk88iEiJGR7LPaj9jGGwoWNtioYxXQu_RFGyg==

Get API Credentials:

curl https://api-gateway/dev/api/credentials?role=arn:aws:iam::account-id:role/role-name -H "Authorization: bearer JWT"
{
    "AccessKeyId": "",
    "Expiration": "2018-11-25T23:57:04+00:00",
    "SecretAccessKey": "",
    "SessionToken": ""
}

About

Trade JWTs for access and secret keys

Resources

Releases

No releases published

Packages

No packages published