saml2aws

From wikieduonline
Revision as of 06:52, 23 May 2024 by Welcome

saml2aws is a CLI tool that enables you to log in and retrieve temporary AWS credentials using the ADFS or PingFederate identity providers.

brew install saml2aws


saml2aws --help
saml2aws help 
saml2aws configure 
saml2aws login
saml2aws login --verbose
saml2aws exec 
saml2aws console 
saml2aws list-roles 
saml2aws script



usage: saml2aws [<flags>] <command> [<args> ...]

A command line tool to help with SAML access to the AWS token service.

Flags:
      --help                   Show context-sensitive help (also try --help-long and --help-man).
      --version                Show application version.
      --verbose                Enable verbose logging
      --quiet                  silences logs
  -i, --provider=PROVIDER      This flag is obsolete. See: https://github.com/Versent/saml2aws#configuring-idp-accounts
      --config=CONFIG          Path/filename of saml2aws config file (env: SAML2AWS_CONFIGFILE)
  -a, --idp-account="default"  The name of the configured IDP account. (env: SAML2AWS_IDP_ACCOUNT)
      --idp-provider=IDP-PROVIDER
                               The configured IDP provider. (env: SAML2AWS_IDP_PROVIDER)
      --browser-type=BROWSER-TYPE
                               The configured browser type when the IDP provider is set to Browser. if not set 'chromium' will be used. (env: SAML2AWS_BROWSER_TYPE)
      --browser-executable-path=BROWSER-EXECUTABLE-PATH
                               The configured browser full path when the IDP provider is set to Browser. If set, no browser download will be performed and the
                               executable path will be used instead. (env: SAML2AWS_BROWSER_EXECUTABLE_PATH)
      --browser-autofill       Configures browser to autofill the username and password. (env: SAML2AWS_BROWSER_AUTOFILL)
      --mfa=MFA                The name of the mfa. (env: SAML2AWS_MFA)
  -s, --skip-verify            Skip verification of server certificate. (env: SAML2AWS_SKIP_VERIFY)
      --url=URL                The URL of the SAML IDP server used to login. (env: SAML2AWS_URL)
      --username=USERNAME      The username used to login. (env: SAML2AWS_USERNAME)
      --password=PASSWORD      The password used to login. (env: SAML2AWS_PASSWORD)
      --mfa-token=MFA-TOKEN    The current MFA token (supported in Keycloak, ADFS, GoogleApps). (env: SAML2AWS_MFA_TOKEN)
      --role=ROLE              The ARN of the role to assume. (env: SAML2AWS_ROLE)
      --aws-urn=AWS-URN        The URN used by SAML when you login. (env: SAML2AWS_AWS_URN)
      --skip-prompt            Skip prompting for parameters during login.
      --session-duration=SESSION-DURATION
                               The duration of your AWS Session. (env: SAML2AWS_SESSION_DURATION)
      --disable-keychain       Do not use keychain at all. This will also disable Okta sessions & remembering MFA device. (env: SAML2AWS_DISABLE_KEYCHAIN)
  -r, --region=REGION          AWS region to use for API requests, e.g. us-east-1, us-gov-west-1, cn-north-1 (env: SAML2AWS_REGION)
      --prompter=PROMPTER      The prompter to use for user input (default, pinentry)

Commands:
  help [<command>...]
    Show help.

  configure [<flags>]
    Configure a new IDP account.

  login [<flags>]
    Login to a SAML 2.0 IDP and convert the SAML assertion to an STS token.

  exec [<flags>] [<command>...]
    Exec the supplied command with env vars from STS token.

  console [<flags>]
    Console will open the aws console after logging in.

  list-roles [<flags>]
    List available role ARNs.

  script [<flags>]
    Emit a script that will export environment variables.
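
Several of the flags and environment variables listed above weaken the login path when set (--skip-verify, --password, a non-HTTPS --url, a long --session-duration). The following pre-flight check is an added example, not part of saml2aws or of the original page. The function names, the severity labels, the MAX_SESSION_SECONDS threshold, the assumption that the session duration is in seconds, and the list of "truthy" spellings are all assumptions of this example.

```bash
# Added example: pre-flight audit of saml2aws settings (names from the help text).
MAX_SESSION_SECONDS="${MAX_SESSION_SECONDS:-3600}"  # assumed policy limit, seconds

# Assumption: these spellings count as "enabled" for a boolean env var.
is_truthy() {
  case "$1" in
    1|t|T|true|TRUE|True) return 0 ;;
    *) return 1 ;;
  esac
}

# Prints one finding per line; exit status is 0 when clean, 1 otherwise.
# Optional arguments: the saml2aws command line about to be run.
audit_saml2aws() (
  findings=0
  report() { echo "$1"; findings=$((findings + 1)); }
  if is_truthy "${SAML2AWS_SKIP_VERIFY:-}"; then
    report "HIGH SAML2AWS_SKIP_VERIFY: IdP server certificate is not verified"
  fi
  if [ -n "${SAML2AWS_PASSWORD:-}" ]; then
    report "HIGH SAML2AWS_PASSWORD: password is stored in the environment"
  fi
  case "${SAML2AWS_URL:-https://}" in
    https://*) ;;
    *) report "HIGH SAML2AWS_URL: login URL does not start with https://" ;;
  esac
  case "${SAML2AWS_SESSION_DURATION:-}" in
    ''|*[!0-9]*) ;;  # unset or non-numeric: nothing to compare
    *) if [ "$SAML2AWS_SESSION_DURATION" -gt "$MAX_SESSION_SECONDS" ]; then
         report "MEDIUM SAML2AWS_SESSION_DURATION: above ${MAX_SESSION_SECONDS}s"
       fi ;;
  esac
  for arg in "$@"; do
    case "$arg" in
      --password|--password=*)
        report "HIGH --password: secret on the command line (ps, shell history)" ;;
      -s|--skip-verify)
        report "HIGH --skip-verify: IdP server certificate is not verified" ;;
    esac
  done
  [ "$findings" -eq 0 ]
)
```

Source the file and call `audit_saml2aws login --verbose` (or whatever arguments are about to be passed) before invoking saml2aws; a non-zero status means at least one finding was printed.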

