Difference between revisions of "Saml2aws"

From wikieduonline
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
{{lowercase}}
 
{{lowercase}}
<code>saml2aws</cde> CLI tool which enables you to login and retrieve AWS temporary credentials using with [[ADFS]] or [[PingFederate]] [[Identity Providers]].
+
<code>saml2aws</code> CLI tool which enables you to login and retrieve AWS temporary credentials using with [[ADFS]] or [[PingFederate]] [[Identity Providers]]
 +
* https://github.com/Versent/saml2aws
 +
 
 +
[[brew install saml2aws]]
 +
 
 +
 
 +
[[saml2aws --help]]
 +
[[saml2aws help]]
 +
[[saml2aws configure]]
 +
[[saml2aws login]]
 +
[[saml2aws login]] --verbose
 +
[[saml2aws exec]]
 +
[[saml2aws console]]
 +
[[saml2aws list-roles]]
 +
[[saml2aws script]]
 +
 
 +
 
 +
 
 +
 
 +
 
 +
<pre>
 +
usage: saml2aws [<flags>] <command> [<args> ...]
  
 +
A command line tool to help with SAML access to the AWS token service.
  
* https://github.com/Versent/saml2aws
+
Flags:
 +
      --help                  Show context-sensitive help (also try --help-long and --help-man).
 +
      --version                Show application version.
 +
      --verbose                Enable verbose logging
 +
      --quiet                  silences logs
 +
  -i, --provider=PROVIDER      This flag is obsolete. See: https://github.com/Versent/saml2aws#configuring-idp-accounts
 +
      --config=CONFIG          Path/filename of saml2aws config file (env: SAML2AWS_CONFIGFILE)
 +
  -a, --idp-account="default"  The name of the configured IDP account. (env: SAML2AWS_IDP_ACCOUNT)
 +
      --idp-provider=IDP-PROVIDER
 +
                              The configured IDP provider. (env: SAML2AWS_IDP_PROVIDER)
 +
      --browser-type=BROWSER-TYPE
 +
                              The configured browser type when the IDP provider is set to Browser. if not set 'chromium' will be used. (env: SAML2AWS_BROWSER_TYPE)
 +
      --browser-executable-path=BROWSER-EXECUTABLE-PATH
 +
                              The configured browser full path when the IDP provider is set to Browser. If set, no browser download will be performed and the
 +
                              executable path will be used instead. (env: SAML2AWS_BROWSER_EXECUTABLE_PATH)
 +
      --browser-autofill      Configures browser to autofill the username and password. (env: SAML2AWS_BROWSER_AUTOFILL)
 +
      --mfa=MFA                The name of the mfa. (env: SAML2AWS_MFA)
 +
  -s, --skip-verify            Skip verification of server certificate. (env: SAML2AWS_SKIP_VERIFY)
 +
      --url=URL                The URL of the SAML IDP server used to login. (env: SAML2AWS_URL)
 +
      --username=USERNAME      The username used to login. (env: SAML2AWS_USERNAME)
 +
      --password=PASSWORD      The password used to login. (env: SAML2AWS_PASSWORD)
 +
      --mfa-token=MFA-TOKEN    The current MFA token (supported in Keycloak, ADFS, GoogleApps). (env: SAML2AWS_MFA_TOKEN)
 +
      --role=ROLE              The ARN of the role to assume. (env: SAML2AWS_ROLE)
 +
      --aws-urn=AWS-URN        The URN used by SAML when you login. (env: SAML2AWS_AWS_URN)
 +
      --skip-prompt            Skip prompting for parameters during login.
 +
      --session-duration=SESSION-DURATION
 +
                              The duration of your AWS Session. (env: SAML2AWS_SESSION_DURATION)
 +
      --disable-keychain      Do not use keychain at all. This will also disable Okta sessions & remembering MFA device. (env: SAML2AWS_DISABLE_KEYCHAIN)
 +
  -r, --region=REGION          AWS region to use for API requests, e.g. us-east-1, us-gov-west-1, cn-north-1 (env: SAML2AWS_REGION)
 +
      --prompter=PROMPTER      The prompter to use for user input (default, pinentry)
 +
 
 +
Commands:
 +
  help [<command>...]
 +
    Show help.
 +
 
 +
  configure [<flags>]
 +
    Configure a new IDP account.
 +
 
 +
  login [<flags>]
 +
    Login to a SAML 2.0 IDP and convert the SAML assertion to an STS token.
 +
 
 +
  exec [<flags>] [<command>...]
 +
    Exec the supplied command with env vars from STS token.
 +
 
 +
  console [<flags>]
 +
    Console will open the aws console after logging in.
 +
 
 +
  list-roles [<flags>]
 +
    List available role ARNs.
  
[[brew install saml2aws]]
+
  script [<flags>]
 +
    Emit a script that will export environment variables.
 +
</pre>
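Review bot: the new intro line ("<code>saml2aws</code> CLI tool which enables you to login ... using with [[ADFS]] or [[PingFederate]]") still has no main verb, keeps the stray "using with", and loses the final period the old line had. Suggest "<code>saml2aws</code> is a CLI tool that lets you log in and retrieve temporary AWS credentials using [[ADFS]] or [[PingFederate]] [[Identity Providers]]." The pasted help output inside <pre> also carries no version, so note which "saml2aws --version" it was captured from; flags such as --provider are already marked obsolete in it, and readers cannot tell which release the list matches.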
  
 
   
 
   

Revision as of 06:52, 23 May 2024

saml2aws is a CLI tool that lets you log in and retrieve temporary AWS credentials through the ADFS or PingFederate Identity Providers.

brew install saml2aws


saml2aws --help
saml2aws help 
saml2aws configure 
saml2aws login
saml2aws login --verbose
saml2aws exec 
saml2aws console 
saml2aws list-roles 
saml2aws script



usage: saml2aws [<flags>] <command> [<args> ...]

A command line tool to help with SAML access to the AWS token service.

Flags:
      --help                   Show context-sensitive help (also try --help-long and --help-man).
      --version                Show application version.
      --verbose                Enable verbose logging
      --quiet                  silences logs
  -i, --provider=PROVIDER      This flag is obsolete. See: https://github.com/Versent/saml2aws#configuring-idp-accounts
      --config=CONFIG          Path/filename of saml2aws config file (env: SAML2AWS_CONFIGFILE)
  -a, --idp-account="default"  The name of the configured IDP account. (env: SAML2AWS_IDP_ACCOUNT)
      --idp-provider=IDP-PROVIDER
                               The configured IDP provider. (env: SAML2AWS_IDP_PROVIDER)
      --browser-type=BROWSER-TYPE
                               The configured browser type when the IDP provider is set to Browser. if not set 'chromium' will be used. (env: SAML2AWS_BROWSER_TYPE)
      --browser-executable-path=BROWSER-EXECUTABLE-PATH
                               The configured browser full path when the IDP provider is set to Browser. If set, no browser download will be performed and the
                               executable path will be used instead. (env: SAML2AWS_BROWSER_EXECUTABLE_PATH)
      --browser-autofill       Configures browser to autofill the username and password. (env: SAML2AWS_BROWSER_AUTOFILL)
      --mfa=MFA                The name of the mfa. (env: SAML2AWS_MFA)
  -s, --skip-verify            Skip verification of server certificate. (env: SAML2AWS_SKIP_VERIFY)
      --url=URL                The URL of the SAML IDP server used to login. (env: SAML2AWS_URL)
      --username=USERNAME      The username used to login. (env: SAML2AWS_USERNAME)
      --password=PASSWORD      The password used to login. (env: SAML2AWS_PASSWORD)
      --mfa-token=MFA-TOKEN    The current MFA token (supported in Keycloak, ADFS, GoogleApps). (env: SAML2AWS_MFA_TOKEN)
      --role=ROLE              The ARN of the role to assume. (env: SAML2AWS_ROLE)
      --aws-urn=AWS-URN        The URN used by SAML when you login. (env: SAML2AWS_AWS_URN)
      --skip-prompt            Skip prompting for parameters during login.
      --session-duration=SESSION-DURATION
                               The duration of your AWS Session. (env: SAML2AWS_SESSION_DURATION)
      --disable-keychain       Do not use keychain at all. This will also disable Okta sessions & remembering MFA device. (env: SAML2AWS_DISABLE_KEYCHAIN)
  -r, --region=REGION          AWS region to use for API requests, e.g. us-east-1, us-gov-west-1, cn-north-1 (env: SAML2AWS_REGION)
      --prompter=PROMPTER      The prompter to use for user input (default, pinentry)

Commands:
  help [<command>...]
    Show help.

  configure [<flags>]
    Configure a new IDP account.

  login [<flags>]
    Login to a SAML 2.0 IDP and convert the SAML assertion to an STS token.

  exec [<flags>] [<command>...]
    Exec the supplied command with env vars from STS token.

  console [<flags>]
    Console will open the aws console after logging in.

  list-roles [<flags>]
    List available role ARNs.

  script [<flags>]
    Emit a script that will export environment variables.
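
The help output above lists `--password`, `--mfa-token` and `--skip-verify` together with matching `SAML2AWS_*` variables. As an added example (not from this wiki page or the saml2aws project), the following pre-flight check reports when a proposed invocation puts secrets on the command line or turns off certificate verification. The function name `saml2aws_lint` and the finding labels are made up for this illustration.

```shell
#!/bin/sh
# Constructed helper, not part of saml2aws. Flag and variable names are
# taken from the help text above; everything else is hypothetical.
# Usage: saml2aws_lint login --username=alice && saml2aws login --username=alice
saml2aws_lint() {
    rc=0
    for arg in "$@"; do
        case "$arg" in
            --password|--password=*)
                # Command-line arguments are readable in the local process
                # list and are saved in shell history.
                echo "password-on-command-line"; rc=1 ;;
            --mfa-token|--mfa-token=*)
                echo "mfa-token-on-command-line"; rc=1 ;;
            -s|--skip-verify)
                # "Skip verification of server certificate": the IdP's
                # identity is no longer checked before credentials are sent.
                echo "skip-verify-flag"; rc=1 ;;
        esac
    done
    # The same settings can arrive through the documented environment
    # variables, where child processes inherit them.
    if [ -n "${SAML2AWS_PASSWORD:-}" ]; then
        echo "password-in-environment"; rc=1
    fi
    # Assumption: any non-empty value is reported for review, because the
    # help text does not say which values enable the option.
    if [ -n "${SAML2AWS_SKIP_VERIFY:-}" ]; then
        echo "skip-verify-env-set"; rc=1
    fi
    return "$rc"
}
```

A clean result means the password will be prompted for interactively (or read from the keychain unless `--disable-keychain` is given) and the IdP certificate is verified.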

