{"id":17532755,"url":"https://github.com/Rukenshia/saml2aws-auto","last_synced_at":"2025-03-06T12:31:16.185Z","repository":{"id":38087640,"uuid":"130570268","full_name":"Rukenshia/saml2aws-auto","owner":"Rukenshia","description":"A CLI tool that allows you to manage multiple accounts for when using AWS with SAML Federation via Keycloak. Inspired by Versent/saml2aws.","archived":false,"fork":false,"pushed_at":"2024-09-03T22:08:27.000Z","size":623,"stargazers_count":41,"open_issues_count":4,"forks_count":5,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-10-21T23:37:25.452Z","etag":null,"topics":["auth","aws","cli","login","saml"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Rukenshia.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2018-04-22T13:33:40.000Z","updated_at":"2024-10-15T18:44:29.000Z","dependencies_parsed_at":"2024-04-09T04:46:11.553Z","dependency_job_id":null,"html_url":"https://github.com/Rukenshia/saml2aws-auto","commit_stats":null,"previous_names":[],"tags_count":61,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Rukenshia%2Fsaml2aws-auto","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Rukenshia%2Fsaml2aws-auto/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Rukenshia%2Fsaml2aws-auto/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Rukenshia%2Fsaml2aws-auto/manifests","owner_url":"https://repos.ecosyste.ms/a
pi/v1/hosts/GitHub/owners/Rukenshia","download_url":"https://codeload.github.com/Rukenshia/saml2aws-auto/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242211227,"owners_count":20090230,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","aws","cli","login","saml"],"created_at":"2024-10-20T18:01:40.801Z","updated_at":"2025-03-06T12:31:15.803Z","avatar_url":"https://github.com/Rukenshia.png","language":"Rust","funding_links":[],"categories":["cli"],"sub_categories":[],"readme":"# saml2aws-auto\n\nThis is a CLI used to manage multiple AWS account credentials when authenticating via SAML\nat the same time. Accounts are organised in groups, which can be refreshed using one command.\n\n## Installation\n\n```bash\nbrew install rukenshia/repo/saml2aws-auto\n```\n\nThe [GitHub Releases](https://github.com/Rukenshia/saml2aws-auto/releases) page includes archives for all major platforms.\nDownload the release for your platform and make sure `saml2aws-auto` is in your PATH variable.\n\nIf you have rust installed, you can use the following command\n\n```bash\ncargo install saml2aws-auto\n```\n\n### Linux\n\nIf you are on Linux, you will need to set up a secret tool before running saml2aws-auto. 
You can find more information in the troubleshooting section.\n\n## Features\n\n- Retrieving AWS Credentials when authenticating via SAML (only Keycloak supported at the moment, MFA is mandatory)\n- Management of multiple accounts organised in groups\n- Token expiration time is taken into account (they will not be refreshed if they are still valid)\n\n## Getting Started\n\nAfter you've downloaded and installed `saml2aws-auto`, you can add a new group using this command:\n\n```bash\n$ saml2aws-auto groups add my-accounts --prefix my-accounts --role Administrator\n\nWelcome to saml2aws-auto. It looks like you do not have a configuration file yet.\nCurrently, only Keycloak is supported as Identity Provider. When setting the\nIDP URL, please note that you will have to pass the exact path to the saml client of Keycloak.\n```\n\nLet's break the command down into a few pieces:\n\n- `saml2aws-auto groups add` tells the CLI to add a new group.\n- `my-accounts` tells the CLI what name you want to use for the group. This can be anything.\n- `--prefix my-accounts` tells it that all the accounts you want to target start with `my-accounts`.\n  In our example, we have two accounts: `my-accounts-staging` and `my-accounts-prod`. That means that the prefix will capture both of these accounts. If you also have `my-other-accounts-staging` and `my-other-accounts-prod` but want all four accounts in the same group, you can use the prefix `my-`.\n- `--role Administrator` identifies which role to use for all accounts.\n\nIf you want to add new accounts to an existing group later, you can use the `--append` flag. Also if you want to target specific accounts, you can pass in `--accounts [account names,]`. Use `saml2aws-auto groups add --help` for more info.\n\nNext, you will be asked a few questions:\n\n```\n? IDP URL [localhost]: https://my.idp/realms/myrealm/protocol/saml/clients/aws\n? IDP Username: my.username@company.com\n? IDP Password []: my.password\n\nAll set!\n\n? 
MFA Token [000000]: 123456\n```\n\nYour password will be stored with the native credentials manager of your platform.\n\nAfter you've entered your MFA Token, the group will be configured for you:\n\n```\nListing allowed roles for your account          SUCCESS\n\nmy-accounts:\n        my-accounts-staging: arn:aws:iam::1234567890:role/Administrator\n        my-accounts-prod: arn:aws:iam::1234567891:role/Administrator\n\nGroup configuration updated\n```\n\nThe only thing left to do now is refresh your credentials:\n\n```bash\n$ saml2aws-auto refresh my-accounts\n\n? MFA Token [000000]: 123456\nRefreshing my-accounts-staging  SUCCESS\nRefreshing my-accounts-prod     SUCCESS\n\nRefreshed group my-accounts. To use them in the AWS cli, apply the --profile flag with the name of the account.\n\nExample:\n\n        aws --profile my-accounts-staging s3 ls\n```\n\n## Changing Password / Username / Other Configuration\n\nYou can use `saml2aws-auto configure` to reconfigure your details.\nIf you have several IDPs that you need to connect to, you can use the `--config` option to provide\na path to a separate config file for saml2aws-auto.\n\n## Usage\n\nYou can interactively explore the tool by typing `saml2aws-auto help`. This also works for any of the sub commands.\n\n## Troubleshooting\n\n## I am behind a proxy\n\nIf you are using a proxy, you need to set up the common environment variables for proxy usage.\n\n- `http_proxy` - routes all HTTP traffic through the given proxy (e.g. `http://user:password@localhost:1234`)\n- `https_proxy` - routes all HTTPS traffic through the given proxy (e.g. `http://user:password@localhost:1234`)\n\n**for `saml2aws-auto`, all requests are usually made to HTTPS endpoints, therefore configuring the `https_proxy` is advised.**\n\n## My password can't be stored\n\nSome users have reported issues with the credentials management. 
If your password can't be stored properly, you can use the `--skip-password-manager` flag combined with the `--password` flag with the `groups add`\nand `refresh` commands to circumvent this.\n\nExample:\n\n```sh\nsaml2aws-auto --skip-password-manager groups add example --role Administrator --prefix example --password \"my password\"\n```\n\n## `The name org.freedesktop.secrets was not provided by any .service files (org.freedesktop.DBus.Error.ServiceUnknown)))`\n\nThis error is specific to Linux and tells you that you currently don't have any secret manager implementing the Freedesktop Secret Service set up. Usually, a keyring app such as GNOME-Keyring or another tool is pre-installed. Open it, configure both your master password and the default vault for your secrets, then try rerunning saml2aws-auto. [Another link to what apps provide this API](https://specifications.freedesktop.org/secret-service/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FRukenshia%2Fsaml2aws-auto","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FRukenshia%2Fsaml2aws-auto","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FRukenshia%2Fsaml2aws-auto/lists"}