{"id":20856449,"url":"https://github.com/lob/aws-creds","last_synced_at":"2025-05-12T07:32:03.669Z","repository":{"id":39627496,"uuid":"124028890","full_name":"lob/aws-creds","owner":"lob","description":"CLI tool to authenticate with Okta as the IdP to fetch AWS credentials","archived":false,"fork":false,"pushed_at":"2023-10-11T17:52:57.000Z","size":132,"stargazers_count":12,"open_issues_count":6,"forks_count":6,"subscribers_count":51,"default_branch":"main","last_synced_at":"2024-06-20T10:16:00.073Z","etag":null,"topics":["aws","cli","credentials","idp","okta","saml","sts"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lob.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-03-06T06:01:10.000Z","updated_at":"2023-01-24T15:44:45.000Z","dependencies_parsed_at":"2023-10-11T23:37:00.796Z","dependency_job_id":null,"html_url":"https://github.com/lob/aws-creds","commit_stats":null,"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lob%2Faws-creds","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lob%2Faws-creds/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lob%2Faws-creds/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lob%2Faws-creds/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lob","download_url":"https://codeload.github.com/lob/aws-creds/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225128620,"owners_count":17425198,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","cli","credentials","idp","okta","saml","sts"],"created_at":"2024-11-18T04:31:46.383Z","updated_at":"2024-11-18T04:32:38.209Z","avatar_url":"https://github.com/lob.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# aws-creds\n\nA CLI tool to authenticate with Okta as the IdP to fetch AWS credentials.\n\n## Installation\n\n\u003e Note: Building `aws-creds` requires `go \u003e= 1.13`.\n\nTo install `aws-creds`:\n\n1. Clone this repository.\n2. Run `make build`.\n3. Copy `./bin/aws-creds` to `/usr/local/bin`, or your preferred executables folder.\n\n\u003e Note: You can set the `BIN_DIR` and `VERSION` environment variables to override the build destination and version number.\n\u003e\n\u003e For example, building aws-creds directly into my `~/home/bin` directory:\n\u003e ```\n\u003e [aws-creds]$ VERSION=vX.Y.Z BIN_DIR=$HOME/bin make build\n\u003e [aws-creds]$ ~/bin/aws-creds -v\n\u003e aws-creds vX.Y.Z\n\u003e ```\n\n## Usage\n\n\u003e Note: This assumes you have already installed the [AWS CLI](https://aws.amazon.com/cli/).\n\nOnce you have installed `aws-creds`, run `aws-creds configure`.\nThis will prompt you for your okta username, okta host + okta aws app path, and information about your aws profiles + role ARNs.\n\n```\n$ aws-creds configure\nConfiguring global settings...\nOkta username: yourname\nOkta AWS Embed Link (e.g. https://example.okta.com/home/amazon_aws/0oa54k1gk2ukOJ9nGDt7/252): https://example.okta.com/home/amazon_aws/0oa54k1gk2ukOJ9nGDt7/123\n\nConfiguring profile settings...\nProfile name: test\nRole ARN (e.g. arn:aws:iam::123456789001:role/EngineeringRole): arn:aws:iam::123456789001:role/SomeRole\nDo you want to configure more profiles? [y/N]:\n```\n\nOnce complete, `aws-creds` will create the file `$HOME/.aws-creds/config` with this information.\n\nTo fetch credentials, run `aws-creds -p`:\n\n```\n$ aws-creds -p $PROFILE_NAME\n```\n\nThis may prompt you for your Okta password, preferred multi-factor auth method, and then your one-time password.\n\nPlease note that push-based authentication methods are not supported by this tool. You may need to add an additional verification method to your Okta account that uses an OTP. Google Authenticator and Okta Verify both work.\n\n`aws-creds` will then populate your `$HOME/.aws/credentials` file with credentials from Okta.\n\nFinally pass `--profile=$PROFILE_NAME`, or set `AWS_PROFILE=$PROFILE_NAME`, when running `aws` commands.\nFor example:\n\n```\n$ aws s3 ls --profile $PROFILE_NAME\n\n$ AWS_PROFILE=sandbox aws s3 ls      # Equivalent\n\n$ export AWS_PROFILE=sandbox         # Also\n$ aws s3 ls                          # Equivalent\n```\n\n\u003e Note: these credentials expire every hour, so you will need to re-run `aws-creds -p $PROFILE_NAME` periodically.\n\n### Headless Linux / WSL Users\n\nThis utility uses a keyring library that is incompatible with certain linux configurations. To disable keyring caching, modify the `~/.aws-creds/config` file to include `\"enable_keyring\" : false,` after setting up the tool. \n\n## Building\n\n`aws-creds` has a Makefile with helper commands:\n\nmake command | description\n--- | ---\n`make build` | Builds executable. Set `VERSION` and `BIN` environment variables to override defaults.\n`make clean` | Clean `BIN` folder and go cache.\n`make test` | Runs unit tests and generates coverage report.\n`make install`| Installs go dependencies.\n`make lint` | Lints the codebase.\n`make release` | Creates and pushes a git tag.\n`make setup` | Sets up linting and changelog tools.\n`make html` | Generates test coverage report.\n`make enforce` | Enforces test coverage.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flob%2Faws-creds","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flob%2Faws-creds","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flob%2Faws-creds/lists"}