{"id":37063719,"url":"https://github.com/cshamrick/stsauth","last_synced_at":"2026-01-14T07:17:35.481Z","repository":{"id":32455782,"uuid":"134289918","full_name":"cshamrick/stsauth","owner":"cshamrick","description":"A CLI tool that allows easy generation of AWS credentials using STS, ADFS, and Active Directory.","archived":false,"fork":false,"pushed_at":"2025-10-15T15:54:09.000Z","size":305,"stargazers_count":18,"open_issues_count":0,"forks_count":6,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-10-26T08:43:58.976Z","etag":null,"topics":["aws","aws-cli","aws-iam","iam"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cshamrick.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-05-21T15:44:42.000Z","updated_at":"2025-10-15T15:54:12.000Z","dependencies_parsed_at":"2022-08-07T17:31:05.099Z","dependency_job_id":"a12a2c63-bd47-4ca6-b7fb-da940ac51681","html_url":"https://github.com/cshamrick/stsauth","commit_stats":{"total_commits":199,"total_committers":12,"mean_commits":"16.583333333333332","dds":0.4773869346733668,"last_synced_commit":"f30cc37ed1d5e18cb47a250bf4c67a5d6332478e"},"previous_names":[],"tags_count":37,"template":false,"template_full_name":null,"purl":"pkg:github/cshamrick/stsauth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cshamrick%2Fstsauth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cshamrick%2Fstsauth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cshamrick%2Fstsauth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cshamrick%2Fstsauth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cshamrick","download_url":"https://codeload.github.com/cshamrick/stsauth/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cshamrick%2Fstsauth/sbom","scorecard":{"id":310861,"data":{"date":"2025-08-11","repo":{"name":"github.com/cshamrick/stsauth","commit":"6080d373ebe367634eaef340e9c71fe4fc1822d7"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":3,"reason":"Found 5/13 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/cshamrick/stsauth/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/cshamrick/stsauth/ci.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/cshamrick/stsauth/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linter.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/cshamrick/stsauth/linter.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/linter.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/cshamrick/stsauth/linter.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-docker.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/cshamrick/stsauth/publish-docker.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-docker.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/cshamrick/stsauth/publish-docker.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-docker.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/cshamrick/stsauth/publish-docker.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-docker.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/cshamrick/stsauth/publish-docker.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-docker.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/cshamrick/stsauth/publish-docker.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish-docker.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/cshamrick/stsauth/publish-docker.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-pypi.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/cshamrick/stsauth/publish-pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-pypi.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/cshamrick/stsauth/publish-pypi.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cshamrick/stsauth/release.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/cshamrick/stsauth/release.yaml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:14","Warn: pipCommand not pinned by hash: Dockerfile:7-12","Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:30","Warn: pipCommand not pinned by hash: .github/workflows/ci.yml:31","Warn: pipCommand not pinned by hash: .github/workflows/publish-pypi.yml:31","Warn: pipCommand not pinned by hash: .github/workflows/publish-pypi.yml:32","Info:   0 out of   8 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   7 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned","Info:   1 out of   6 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:15","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/ci.yml:16","Info: jobLevel 'contents' permission set to 'read': .github/workflows/linter.yml:16","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/linter.yml:17","Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish-docker.yml:20","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/publish-docker.yml:21","Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish-pypi.yml:20","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/publish-pypi.yml:21","Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/release.yaml:15","Info: found token with 'none' permissions: .github/workflows/ci.yml:1","Info: found token with 'none' permissions: .github/workflows/linter.yml:1","Info: found token with 'none' permissions: .github/workflows/publish-docker.yml:1","Info: found token with 'none' permissions: .github/workflows/publish-pypi.yml:1","Info: found token with 'none' permissions: .github/workflows/release.yaml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/publish-docker.yml:17"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 25 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T23:09:30.535Z","repository_id":32455782,"created_at":"2025-08-17T23:09:30.535Z","updated_at":"2025-08-17T23:09:30.535Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28412787,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T05:26:33.345Z","status":"ssl_error","status_checked_at":"2026-01-14T05:21:57.251Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-cli","aws-iam","iam"],"created_at":"2026-01-14T07:17:34.823Z","updated_at":"2026-01-14T07:17:35.473Z","avatar_url":"https://github.com/cshamrick.png","language":"Python","readme":"# stsauth\n\n[![codecov](https://codecov.io/gh/cshamrick/stsauth/branch/main/graph/badge.svg?token=WZFLZUSK1N)](https://codecov.io/gh/cshamrick/stsauth)\n[![GitHub Super-Linter](https://github.com/cshamrick/stsauth/workflows/super-linter/badge.svg)](https://github.com/marketplace/actions/super-linter)\n[![Total alerts](https://img.shields.io/lgtm/alerts/g/cshamrick/stsauth.svg?logo=lgtm\u0026logoWidth=18)](https://lgtm.com/projects/g/cshamrick/stsauth/alerts/)\n[![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/cshamrick/stsauth.svg?logo=lgtm\u0026logoWidth=18)](https://lgtm.com/projects/g/cshamrick/stsauth/context:python)\n\n![PyPI](https://img.shields.io/pypi/v/stsauth)\n![PyPI - Status](https://img.shields.io/pypi/status/stsauth)\n![PyPI - Downloads](https://img.shields.io/pypi/dm/stsauth)\n![PyPI - Wheel](https://img.shields.io/pypi/wheel/stsauth)\n![PyPI - License](https://img.shields.io/pypi/l/stsauth)\n![PyPI - Python Version](https://img.shields.io/pypi/pyversions/stsauth)\n\nCreates a temporary `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` that can be used with command-line tools such as `awscli`, `ansible`, `terraform` and more.\n\nThis method of authentication is preferred because it eliminates the need for long-lived access keys and forces every user to use their own credentials when connecting to AWS Services.\n\n- [Installation](#installation)\n  - [Using Pip](#using-pip)\n  - [Using Docker](#using-docker)\n  - [Configuration](#configuration)\n- [Usage](#usage)\n  - [stsauth](#stsauth-cli)\n  - [stsauth authenticate](#stsauth-authenticate)\n  - [stsauth profiles](#stsauth-profiles)\n  - [stsauth assume-role](#stsauth-assume-role)\n- [Warning](#warning)\n- [Troubleshooting](#troubleshooting)\n- [Credits](#credits)\n\n## Installation\n\n### Using `pip`\n\n```shell\n# Uninstall if a version of `stsauth` already exists\n$ pip uninstall stsauth\n\n# Install the current release\n$ pip install stsauth\n\n# Install a specific version\n$ pip install stsauth==0.1.0 # Get the latest from: https://pypi.org/project/stsauth/#history\n\n# Upgrade an existing installation\n$ pip install stsauth --upgrade\n```\n\n### Using `docker`\n\n`docker pull cshamrick/stsauth:latest`\n\nAdd the following alias to your `~/.bash_profile`, `~/.bashrc`, or `~/.zshrc`:\n\n```sh\nalias stsauth='docker run --rm -it -v ~/.aws:/root/.aws -e AWS_PROFILE=$AWS_PROFILE -e AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION cshamrick/stsauth:latest'\n```\n\n### Configuration\n\n- A valid AWS CLI configuration is required. For more information about the AWS CLI, see [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html) for more information.\n\n- Sample `~/.aws/credentials` file:\n\n  ```conf\n  [default]\n  output = json\n  region = us-east-1\n  idpentryurl = https://\u003cfqdn\u003e/adfs/ls/idpinitiatedsignon.aspx?LoginToRP=urn:amazon:webservices\n  domain = MYADDOMAIN\n  okta_org = my-organization\n  okta_shared_secret = 16CHARLONGSTRING\n  aws_access_key_id = awsaccesskeyidstringexample\n  aws_secret_access_key = awssecretaccesskeystringexample\n  ```\n\n## Usage\n\n### `stsauth` cli\n\n```shell\n$ stsauth --help\nUsage: stsauth [OPTIONS] COMMAND [ARGS]...\n\n  Tools for managing AWS credentials through an ADFS portal.\n\nOptions:\n  -v, --verbosity LVL  Either CRITICAL, ERROR, WARNING, INFO or DEBUG\n  --version            Show the version and exit.\n  --help               Show this message and exit.\n\nCommands:\n  assume-role   Used to assume another AWS IAM Role.\n  authenticate  Authenticate to and fetch credentials for AWS through an...\n  profiles      Lists the profile details from the credentialsfile or a...\n```\n\n### `stsauth authenticate`\n\n```shell\n$ stsauth authenticate --help\nUsage: stsauth authenticate [OPTIONS]\n\n  Authenticate to and fetch credentials for AWS through an ADFS portal\n\nOptions:\n  -u, --username TEXT             IdP endpoint username.\n  -p, --password TEXT             Program will prompt for input if not\n                                  provided.\n\n  -i, --idpentryurl TEXT          The initial url that starts the\n                                  authentication process.\n\n  -d, --domain TEXT               The active directory domain.\n  -c, --credentialsfile TEXT      Path to AWS credentials file.\n  -l, --profile TEXT              Name of config profile.\n  -r, --region TEXT               The AWS region to use. ex: us-east-1\n  -k, --okta-org TEXT             The Okta organization to use. ex: my-\n                                  organization\n\n  -s, --okta-shared-secret TEXT   Okta Shared Secret for TOTP Authentication.\n                                  WARNING! Please use push notifications if at\n                                  all possible. Unless you are aware of what\n                                  you are doing, this method could potentially\n                                  expose your Shared Secret. Proceed with\n                                  caution and use a tool like `pass` to\n                                  securely store your secrets.\n\n  -t, --vip-access-security-code TEXT\n                                  VIP Access security code.\n  -b, --browser                   If set, will attempt to open the console in\n                                  your default browser.To enable opening the\n                                  console in an incognito window, set\n                                  `browser_path`in your config file `default`\n                                  section to your browser executable.\n\n  -o, --output [json|text|table]\n  -e, --duration NUM              The duration in seconds of the requested session.\n                                  [default: 3600]\n\n  -f, --force                     Auto-accept confirmation prompts.\n  --help                          Show this message and exit.\n```\n\n```shell\n$ stsauth authenticate\nUsername: username\nPassword:\n\nPlease choose the role you would like to assume:\nAccount: account-name-0 (000000000000)\n[0]: ADFS-Role-One\n[1]: ADFS-Role-Two\n\nAccount: account-name-1 (000000000001)\n[2]: ADFS-Role-One\n\nAccount: account-name-2 (000000000002)\n[3]: ADFS-Role-One\n[4]: ADFS-Role-Two\n\nSelection: 2\n\nRequesting credentials for role: arn:aws:iam::000000000001:role/ADFS-Role-One\n\n------------------------------------------------------------\nYour new access key pair has been generated with the following details:\n------------------------------------------------------------\nFile Path: /Users/username/.aws/credentials\nProfile: 000000000001-ADFS-Role-One\nExpiration Date: 2018-06-27 16:29:01+00:00\n------------------------------------------------------------\nTo use this credential, call the AWS CLI with the --profile option:\ne.g. aws --profile 000000000001-ADFS-Role-One ec2 describe-instances\nOr provided as an environment variable:\nexport AWS_PROFILE=000000000001-ADFS-Role-One\n--------------------------------------------------------------\n```\n\n### `stsauth profiles`\n\n```shell\n$ stsauth profiles --help\nUsage: stsauth profiles [OPTIONS] [PROFILE]\n\n  Lists the profile details from the credentialsfile or a specified profile.\n\n  Args:     credentialsfile: The file containing the profile details.\n  profile: (Optional) A specific profile to print details for.\n\nOptions:\n  -c, --credentialsfile TEXT  Path to AWS credentials file.\n  -q, --query TEXT            Value to query from the profile.\n  --help                      Show this message and exit.\n```\n\n```shell\n$ stsauth profiles\nAccount     Profile                      Expire Date         Status\n----------- ---------------------------- ------------------- -------\nNone        default                      No Expiry Set       active\nNone        saml                         2018-06-25 16:32:20 expired\nAccount-One 000000000000-ADFS-Role-One   2018-06-25 16:36:27 expired\nAccount-Two 000000000000-ADFS-Role-Two   2018-06-25 16:47:51 expired\nAccount-One 000000000001-ADFS-Role-One   2018-06-27 10:04:46 active\nAccount-One 000000000002-ADFS-Role-One   2018-06-27 11:23:23 active\nAccount-Two 000000000002-ADFS-Role-Two   2018-06-27 11:28:22 active\nAccount-Two 000000000002-Assume-Role-One 2018-06-27 11:30:24 active\n```\n\n### `stsauth assume-role`\n\n```shell\n$ stsauth assume-role --help\nUsage: stsauth assume-role [OPTIONS] ROLE_ARN\n\n  Used to assume another AWS IAM Role.\n\nOptions:\n  -l, --profile TEXT          The AWS Profile to assume the role-arn from.\n                              Uses AWS_PROFILE environment if available.\n\n  --role-session-name TEXT    Specify if a custom session name is required.\n                              Otherwise a generated value will be used.\n\n  -c, --credentialsfile TEXT  Path to AWS credentials file.  [default:\n                              ~/.aws/credentials]\n\n  --help                      Show this message and exit.\n```\n\n```shell\n# Export (or provide at CLI) an AWS_PROFILE with valid, unexpired credententials\n$ export AWS_PROFILE=000000000002-ADFS-Role-Two\n\n$ stsauth assume-role arn:aws:iam::000000000002:role/Assume-Role-One\n\n------------------------------------------------------------\nYour new access key pair has been generated with the following details:\n------------------------------------------------------------\nFile Path: /Users/username/.aws/credentials\nProfile: 000000000002-Assume-Role-One\nExpiration Date: 2018-06-27 11:30:24+00:00\n------------------------------------------------------------\nTo use this credential, call the AWS CLI with the --profile option:\ne.g. aws --profile 000000000002-Assume-Role-One ec2 describe-instances\nOr provided as an environment variable:\nexport AWS_PROFILE=000000000002-Assume-Role-One\n--------------------------------------------------------------\n```\n\n## Warning\n\nIt is **strongly** recommended to use Okta Push Notifications for MFA if at all possible. Storing your Shared Secret or passing it in through the command-line comes with the risk of exposing the Shared Secret to unintended persons. If compromised, the security of MFA is lost. **Please proceed with caution and an understanding of the risks associated. _If you believe your Shared Secret has been compromised, please revoke it immediately._**\n\n## Troubleshooting\n\n### An error occurs when authenticating\n\n\u003e An error occurred (AccessDenied) when calling the AssumeRoleWithSAML operation: Access denied\n\nYou likely have lost permission. Please try to sign in via AWS Console.\n\n## Credits\n\nThis project is based largely on [Enabling Federation to AWS Using Windows Active Directory, ADFS, and SAML 2.0](https://aws.amazon.com/blogs/security/enabling-federation-to-aws-using-windows-active-directory-adfs-and-saml-2-0/)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcshamrick%2Fstsauth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcshamrick%2Fstsauth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcshamrick%2Fstsauth/lists"}