UNPKG

aws-saml-cli

Version:

A CLI tool to fetch AWS credentials via SAML authentication

github.com/bug3/aws-saml-cli

bug3/aws-saml-cli

94 lines (61 loc) 2.29 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
# aws-saml-cli &middot; [![npm version](https://img.shields.io/npm/v/aws-saml-cli.svg)](https://www.npmjs.com/package/aws-saml-cli) [![CLI tool](https://img.shields.io/badge/type-cli-blue)](https://www.npmjs.com/package/aws-saml-cli) [![GitHub license](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/bug3/aws-saml-cli/blob/master/LICENSE) CLI tool for SAML-based AWS authentication via your Identity Provider (IdP). Securely saves your login session, captures the SAML response, parses the assertion, and assumes your AWS role with STS. ## Features - Interactive login via browser - Saves session state encrypted with [uniquenv](https://github.com/bug3/uniquenv) - Intercepts SAML response and extracts role information - Assumes AWS role and writes credentials to `~/.aws/credentials` - Optional AWS region override via `--region` --- ## Installation ```bash npm install -g aws-saml-cli ``` > Installs the CLI globally as the `aws-saml-cli` command. --- ## Usage ### Save SAML session ```bash aws-saml-cli save-session "<saml-login-url>" ``` - Opens a browser to the given SAML login URL - Login manually and press F8 or the Resume button in the browser - Encrypted session is saved to `~/.aws-saml-cli/session.uniquenv` --- ### Capture SAML and assume AWS role ```bash aws-saml-cli capture [--region <aws-region>] ``` - Loads the encrypted session - Navigates to the previously stored login URL - Intercepts the SAML `POST` request - Parses the `SAMLResponse`, extracts the role and principal ARNs - Sends `AssumeRoleWithSAML` to STS - Writes credentials to `~/.aws/credentials` under `[default]` --- ## Configuration - Region can be provided via `--region`, otherwise resolved via: - `AWS_REGION` or `AWS_DEFAULT_REGION` environment variable - `~/.aws/config` profile --- ## Example Workflow ```bash aws-saml-cli save-session "https://your-idp.example.com/sso/initiate" ``` ```bash aws-saml-cli capture ``` ```bash aws sts get-caller-identity ``` --- ## Session File Session is stored at: ``` ~/.aws-saml-cli/session.uniquenv ``` Encrypted using your device-specific key with [uniquenv](https://github.com/bug3/uniquenv). Cannot be decrypted on other machines. --- ## License [MIT](https://choosealicense.com/licenses/mit/)