A CLI tool and authorization proxy for using the AWS CLI (boto) with OpenID Connect (OIDC)

federated-boto

CLI application that handles federated authentication for AWS users

Sequence diagram

Prerequisites

  • An OIDC provider like Auth0
  • A well-known openid-configuration URL
  • An Auth0 application created
    • Type : Native
    • Allowed Callback URLs : A list of the localhost URLs created from the POSSIBLE_PORTS list of ports
    • The client_id for this application will be used in the CLI config file
  • An AWS Identity provider
    • with an audience value of the Auth0 application client_id
    • with a valid thumbprint

Instructions

Create a config

cp config.yaml.inc config.yaml

  • well_known_url: The OpenID Connect Discovery Endpoint URL. (Auth0)
  • client_id: The Auth0 client_id generated when the Auth0 application was created in the prerequisites
  • scope: A space-delimited list of OpenID Connect Scopes. For example, openid and the scope where access control information is made available. Mozilla SSO would use openid https://sso.mozilla.com/claim/groups

Run the tool

python federated_boto/cli.py --role-arn arn:aws:iam::123456789012:role/example-role
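
The prerequisites require the AWS Identity provider's audience to equal the Auth0 application client_id. The following is an added example, not code from federated-boto, that decodes an ID token's claims and reports mismatches before the token is sent to AWS. The function names, the issuer argument (assumed to be the issuer value from the document at well_known_url) and the sample token are constructed for illustration; the signature is not verified here, so this is a diagnostic only.

```python
import base64
import json
import time


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(id_token: str) -> dict:
    """Return the payload of a compact JWT WITHOUT verifying its signature."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    return json.loads(_b64url_decode(parts[1]))


def preflight(id_token: str, client_id: str, issuer: str, now=None) -> list:
    """List reasons the token would not match the AWS Identity provider."""
    claims = decode_claims(id_token)
    now = time.time() if now is None else now
    problems = []
    aud = claims.get("aud")
    # The aud claim may be a single string or a list of strings.
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        problems.append(f"aud {aud!r} does not contain client_id {client_id!r}")
    if claims.get("iss") != issuer:
        problems.append(f"iss {claims.get('iss')!r} != issuer {issuer!r}")
    if claims.get("exp", 0) <= now:
        problems.append("exp missing or in the past")
    return problems


def make_sample_token(claims: dict) -> str:
    # Constructed sample token with a placeholder signature, for the demo only.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    # Constructed values: the aud claim does not match the configured client_id.
    token = make_sample_token({"iss": "https://example.auth0.com/",
                               "aud": "some-other-client", "exp": time.time() + 300})
    for problem in preflight(token, "abc123", "https://example.auth0.com/"):
        print("MISMATCH:", problem)
```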

Notes

# https://community.auth0.com/t/custom-claims-without-namespace/10999
# https://community.auth0.com/t/how-to-set-audience-for-aws-iam-identity-provider-configuration/12951