Comments (11)
It seems totally customer-hostile to have an AWS CLI not work with an AWS service. For every other (competing!) IDP there is support, but not for the AWS one.
Going to see if I can hack something together myself.
from awsprocesscreds.
I'll echo the sentiments of @obijan42. I've wasted considerable time tonight trying to figure out how to auth on the cli without this copy/paste loop - which is just not practical for routine use. It didn't even occur to me that this impractical method would really be the only way to combine sso with the aws cli.
Its shocking to me that there isn't a CLI based auth flow for temporary credentials, and I think this is in direct tension with the advice we see in AWS documentation and from AWS personnel - which instructs us to avoid IAM users and long-lived access keys in favor of SSO, roles and rotating credentials in a multi account setup. Nothing makes me want to reach for long-lived access keys and IAM users more than this cumbersome alternate scenario.
At least one of AWS's competitors in the top-tier cloud provider space does it exactly right, out of the box, and has for years (Google it :P). This is a huge quality of life loser for AWS, I really hope you consider making it a higher priority.
from awsprocesscreds.
For what it’s worth. The aws2 cli is now out in beta, which support aws sso commands and auth.
There’s also support for the aws sso service in some aws sdk’s now (ruby for example).
from awsprocesscreds.
Hi @lorengordon, it's been a while since this issue is open but - as @mattmcf stated - AWS CLI v2 has support for AWS SSO, allowing you to log into your Portal URL, providing you AWS SSO User's credentials. Through the aws configure sso
command you'll be able to create Named Profiles associated to the AWS IAM Roles you want to access, and that your user is allowed to access. For what concerns support to AWS SSO - IMO - the overall AWS CLI v2 user-experience could be improved, and that's what my team is trying to address. We're working on an Open Source project that manages credentials in your local-environment to access a complex Cloud Environment. If it makes sense to you, give a look at Leapp project
from awsprocesscreds.
This is definitely something we're interested in supporting, but I can't give a specific timeline for when it will be ready.
from awsprocesscreds.
+1
from awsprocesscreds.
Any updates on this issue ??
from awsprocesscreds.
+1
from awsprocesscreds.
It's a bit quirky (it opens browser) but it saves keys to file using python/selenium automation: automate-AWS-SSO
from awsprocesscreds.
+1
from awsprocesscreds.
+1
from awsprocesscreds.
Related Issues (20)
- Feature Request: Support Google Login HOT 1
- Feature request: Ability to accept additional input from end-user HOT 2
- F5 SSO provider HOT 2
- CLI option for specifying User Agent HOT 1
- --verbose parameter causes json parsing issue HOT 2
- Can't use a default profile
- ssl error - cant ignore HOT 2
- json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0) HOT 1
- Plug-in Architecture for Authenticators
- HTML Parsing is not robust enough
- Code is posting form back to url specified in configuration, not to the url you are on
- Support for setting DurationSeconds(MaxSessionDuration) during AssumeRoleWithSaml
- Support for disabling ssl verification
- Okta broken HOT 5
- Support for Duo Security MFA HOT 1
- Support for Shibboleth IdPv3 and shibcas authenticator
- Is the Credential Provider have to use the Windows password?
- Okta
- Archive project
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from awsprocesscreds.