awsudo enables users to execute commands that make API calls to AWS under the security context of an IAM role. The IAM role is assumed only upon successful authentication against a SAML compliant federation service.
aws-agent enables users to authenticate against a SAML compliant federation service once, after which aws-agent provides temporary credentials to awsudo to use.
awsudo {role-name | role-arn} command
aws-agent
sudo gem install awsudo
awsudo and aws-agent expect a configuration file named .awsudo in your home directory containing the values for your identity provider login url and the SAML provider name configured in AWS.
Example for AD FS:
IDP = adfs
IDP_LOGIN_URL = https://sts.example.com/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=urn:amazon:webservices
SAML_PROVIDER_NAME = adfs
Example for Okta:
IDP = okta
IDP_LOGIN_URL = https://example.okta.com/app/example/abc123/sso/saml
SAML_PROVIDER_NAME = okta
API_ENDPOINT = https://example.okta.com/api/v1
In addition to .awsudo, you can create .aws-roles in your home directory to map IAM roles ARNs to more easy to remember alias names, one per line, separated by spaces. Example:
myaccount-admin arn:aws:iam::123456789012:role/myaccount-admin
$ awsudo arn:aws:iam::123456789012:role/myaccount-admin aws ec2 describe-tags --region us-west-2
$ awsudo myaccount-admin aws ec2 describe-instances --region us-east-1
awsudo will ask your federated credentials every time. To avoid this use aws-agent as follows:
$ aws-agent
Login: username
Password:
AWS_AUTH_SOCK=/var/folders/xz/lx178g0d0rb36x95446zwgd80000gp/T/aws-20150623-20990-58v1c4/agent; export AWS_AUTH_SOCK;
then execute the commands printed by aws-agent. awsudo will now ask for temporary credentials to aws-agent.
FAQs
Unknown package
We found that awsudo demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.