Login to AWS account via Okta (SAML) from the command line

Logs in to AWS ECR at the same time. Populates $HOME/.aws/credentials and runs docker login with temporary ECR credentials.

Releases

Install

curl -L https://raw.githubusercontent.com/gilt/okta-aws-login/master/install | /bin/bash

CLI

Login to AWS via Okta/SAML.

Usage: okta-aws-login [-v|--verbose] [-V|--version] [-l|--list-profiles]
                      [-u|--user ARG] [-p|--aws-profile ARG] [-r|--region ARG]
                      [-c|--config-file ARG] [-k|--keep-reloading] [-E|--no-ecr]
  Login to AWS via Okta/SAML (source: https://github.com/gilt/okta-aws-login)
  Default config file: "$HOME/.okta-aws-login.json" Example config
  JSON:
  {"saml":[{"org":"orgname","aws_profile":"my-aws-profile","okta_aws_account_id":"0oa1298hUiqWerSnBVpO"},{"default":true,"org":"orgname","aws_profile":"my-default-aws-profile","okta_aws_account_id":"0oa87GhDsxZaQw32571u"}]}

Available options:
  -h,--help                Show this help text
  -v,--verbose             Be verbose.
  -V,--version             Print version and exit.
  -l,--list-profiles       List available AWS profiles and exit.
  -u,--user ARG            User name.
  -p,--aws-profile ARG     AWS profile. Defaults to value of AWS_PROFILE env
                           var, then to default config entry.
  -r,--region ARG          AWS region. (default: us-east-1)
  -c,--config-file ARG     Use alternative config
                           file. (default: "$HOME/.okta-aws-login.json")
  -k,--keep-reloading      Keep reloading session token hourly (that's the max
                           TTL at the moment). This only works well on a trusted
                           network where you don't need MFA.
  -E,--no-ecr              Skip 'docker login' to associated ECR registry,
                           enabled by default, requires docker binary available
                           in the PATH.

Log in using default AWS profile, you'll be prompted for user name / password:

  $ okta-aws-login

Specify user name and keep reloading session:

  $ okta-aws-login --user my-okta-user-name --keep-reloading

Log in with more than one AWS profile:

  $ okta-aws-login --user my-okta-user-name --aws-profile my-aws-profile1 --aws-profile my-aws-profile2

Skip ECR login (if you don't care about docker and don't have it installed)

  $ okta-aws-login --no-ecr --user my-okta-user-name --aws-profile my-aws-profile1

You need a $HOME/.okta-aws-login.json config file with list of profiles and associated Okta account IDs, e.g.

{
  "saml": [
    {
      "org": "orgname",
      "aws_profile": "my-aws-profile",
      "okta_aws_account_id": "0oa1298hUiqWerSnBVpO"
    },
    {
      "default": true,
      "org": "orgname",
      "aws_profile": "my-default-aws-profile",
      "okta_aws_account_id": "0oa87GhDsxZaQw32571u"
    }
  ]
}

Development

To build it from source you need haskell stack. While not strictly required, Makefile tries to compress generated binaries with upx (brew install upx). Optionally you also need hlint (stack install hlint).

Okta API.

Okta official CLI inspiration

cdickens-hbc / okta-aws-login Goto Github PK

okta-aws-login's Introduction

Login to AWS account via Okta (SAML) from the command line

Install

CLI

Development

okta-aws-login's People

Contributors

Watchers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent