{"id":37088363,"url":"https://github.com/mmmorris1975/aws-runas","last_synced_at":"2026-04-10T00:22:40.054Z","repository":{"id":27292188,"uuid":"103553977","full_name":"mmmorris1975/aws-runas","owner":"mmmorris1975","description":"aws-runas rewritten in Go","archived":false,"fork":false,"pushed_at":"2025-12-16T15:38:35.000Z","size":1836,"stargazers_count":90,"open_issues_count":4,"forks_count":21,"subscribers_count":6,"default_branch":"master","last_synced_at":"2026-01-02T15:17:44.620Z","etag":null,"topics":["aws","aws-runas","aws-sdk","go","golang","iam","mfa","oidc","saml2","sts"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mmmorris1975.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2017-09-14T16:09:34.000Z","updated_at":"2025-12-16T15:38:39.000Z","dependencies_parsed_at":"2023-12-19T16:51:41.318Z","dependency_job_id":"c2522adb-8fdd-46d6-b18d-cc48030cacc0","html_url":"https://github.com/mmmorris1975/aws-runas","commit_stats":{"total_commits":713,"total_committers":5,"mean_commits":142.6,"dds":"0.33380084151472655","last_synced_commit":"c9e8f708415ff46c9dd3747830bda7b4291a9b14"},"previous_names":[],"tags_count":94,"template":false,"template_full_name":null,"purl":"pkg:github/mmmorris1975/aws-runas","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mmmorris1975%2Faws-runas","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mmmorris1975%2Faws-runas/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mmmorris1975%2Faws-runas/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mmmorris1975%2Faws-runas/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mmmorris1975","download_url":"https://codeload.github.com/mmmorris1975/aws-runas/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mmmorris1975%2Faws-runas/sbom","scorecard":{"id":654541,"data":{"date":"2025-08-11","repo":{"name":"github.com/mmmorris1975/aws-runas","commit":"74009e3b6e211c149c1643c63322a16ddac0589e"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.8,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":2,"reason":"Found 3/15 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 3.5.2 not signed: https://api.github.com/repos/mmmorris1975/aws-runas/releases/101588761","Warn: release artifact 3.5.1 not signed: https://api.github.com/repos/mmmorris1975/aws-runas/releases/87963830","Warn: release artifact 3.5.0 not signed: https://api.github.com/repos/mmmorris1975/aws-runas/releases/83940721","Warn: release artifact 3.4.0 not signed: https://api.github.com/repos/mmmorris1975/aws-runas/releases/74387053","Warn: release artifact 3.3.3 not signed: https://api.github.com/repos/mmmorris1975/aws-runas/releases/65494036","Warn: release artifact 3.5.2 does not have provenance: https://api.github.com/repos/mmmorris1975/aws-runas/releases/101588761","Warn: release artifact 3.5.1 does not have provenance: https://api.github.com/repos/mmmorris1975/aws-runas/releases/87963830","Warn: release artifact 3.5.0 does not have provenance: https://api.github.com/repos/mmmorris1975/aws-runas/releases/83940721","Warn: release artifact 3.4.0 does not have provenance: https://api.github.com/repos/mmmorris1975/aws-runas/releases/74387053","Warn: release artifact 3.3.3 does not have provenance: https://api.github.com/repos/mmmorris1975/aws-runas/releases/65494036"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 19 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"12 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-353f-x4gh-cqq8","Warn: Project is vulnerable to: GHSA-5w6v-399v-w3cc","Warn: Project is vulnerable to: GHSA-mrxw-mxhj-p664","Warn: Project is vulnerable to: GHSA-vvfq-8hwr-qm4m","Warn: Project is vulnerable to: GHSA-2rxp-v6pw-ch6m","Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646","Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T14:18:38.541Z","repository_id":27292188,"created_at":"2025-08-21T14:18:38.542Z","updated_at":"2025-08-21T14:18:38.542Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28417716,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T10:47:48.104Z","status":"ssl_error","status_checked_at":"2026-01-14T10:46:19.031Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-runas","aws-sdk","go","golang","iam","mfa","oidc","saml2","sts"],"created_at":"2026-01-14T10:51:34.140Z","updated_at":"2026-04-10T00:22:40.041Z","avatar_url":"https://github.com/mmmorris1975.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# aws-runas\n\n[![CircleCI](https://circleci.com/gh/mmmorris1975/aws-runas.svg?style=shield\u0026circle-token=3b49323c5e6109720c3cf1d581b26cd36eb598ca)](https://circleci.com/gh/mmmorris1975/aws-runas)\n[![Go Report Card](https://goreportcard.com/badge/github.com/mmmorris1975/aws-runas)](https://goreportcard.com/report/github.com/mmmorris1975/aws-runas)\n\nA friendly way to do AWS STS AssumeRole operations, so you can perform AWS API actions using a particular set of permissions.\nIncludes support for IAM user credentials and SAML SSO, including MFA for both!  Works off of profile names configured\nin the AWS SDK configuration file.\n\nThe tool will cache the credentials retrieved from AWS in order to minimize API calls to AWS, as well as minimize the entry\nof MFA codes (for roles requiring MFA).\n\nVersion 3.0 is a ground-up rewrite of the tool with a number of behind the scenes updates, and quite a few new features\nto make interacting with AWS role credentials easier\n  * Added support for Web Identity credentials in addition to SAML credentials\n  * The ECS metadata credential service is now feature-comparable to the EC2 metadata credential service\n  * The ECS metadata credential service allows dynamic profile credential fetching when a profile name gets appended\n    to the service endpoint URL path\n  * The EC2 metadata credential service supports using a custom port, which permits the service to run without\n    root/admin privileges. Running using the \"traditional\" 169.254.169.254 address is still supported, but will always\n    require elevated privileges for configuring the IP address on a network interface, and running on a privileged port.\n  * The EC2 metadata credential service now supports the IMDSv2 token path, and still handles IMDSv1\n  * Use a baked-in SSM session client to remove the requirement to install the AWS ssm session plugin, a CLI option\n    is provided if use of the plugin is necessary or desired.\n  * Add support for SSH over SSM sessions in the build-in client, and via the plugin\n  * More coherent and expansive use of subcommands in the CLI to make separation of the various functions in the tool\n    clearer. (See Usage section below)\n  * Integration/functional tests now include testing SAML and Web Identity functionality with external public IdPs\n    (currently Okta and Onelogin)\n  * Support Apple M1 based systems\n  * Enable configuration to specify the type of MFA to use with external identity providers, overriding the auto detection logic\n\nSince it's written in Go, there is no runtime dependency on external libraries, or language runtimes, just download the\ncompiled executable and \"go\".\n\n## Installing\n\nPre-compiled binaries for various platforms can be downloaded [here](https://github.com/mmmorris1975/aws-runas/releases/latest)\n\n## Usage\n    NAME:\n    aws-runas - Create an environment for interacting with the AWS API using an assumed role\n\n    USAGE:\n    aws-runas [global options] [subcommand] profile [arguments...]\n    \n    VERSION:\n    3.7.0\n    \n    COMMANDS:\n    list, ls              Shows IAM roles or MFA device configuration\n    serve, srv            Serve credentials from a listening HTTP service\n    ssm                   Helpful shortcuts for working with SSM sessions\n    ecr                   Shortcuts for working with ECR\n    password, passwd, pw  Set or update the stored password for an external identity provider\n    diagnose, diag        run diagnostics to gather information to aid in troubleshooting\n    help, h               Shows a list of commands or help for one command\n    \n    GLOBAL OPTIONS:\n    --duration value, -d value       duration of the retrieved session token (default: 12 hours) [$SESSION_TOKEN_DURATION]\n    --role-duration value, -a value  duration of the assume role credentials (default: 1 hours) [$CREDENTIALS_DURATION]\n    --otp value, -o value            MFA token code [$MFA_CODE]\n    --mfa-serial value, -M value     serial number (or AWS ARN) of MFA device needed to assume role [$MFA_SERIAL]\n    --mfa-type value, -t value       use specific MFA type instead of provider auto-detection logic [$MFA_TYPE]\n    --external-id value, -X value    external ID to use with Assume Role [$EXTERNAL_ID]\n    --jump-role value, -J value      ARN of the 'jump role' to use with SAML or Web Identity integration [$JUMP_ROLE_ARN]\n    --saml-url value, -S value       URL of the SAML authentication endpoint [$SAML_AUTH_URL]\n    --saml-entityid value, -I value  Entity ID of the SAML authentication endpoint [$SAML_ENTITY_ID]\n    --web-url value, -W value        URL of the Web Identity (OIDC) authentication endpoint [$WEB_AUTH_URL]\n    --web-redirect value, -T value   Web Identity (OIDC) redirect URI [$WEB_REDIRECT_URI]\n    --web-client value, -C value     Web Identity (OIDC) client ID [$WEB_CLIENT_ID]\n    --username value, -U value       username for SAML or Web Identity (OIDC) authentication [$RUNAS_USERNAME, $SAML_USERNAME, $WEB_USERNAME]\n    --password value, -P value       password for SAML or Web Identity (OIDC) authentication [$RUNAS_PASSWORD, $SAML_PASSWORD, $WEB_PASSWORD]\n    --provider value, -R value       name of the SAML or Web Identity (OIDC) provider to use [$RUNAS_PROVIDER, $SAML_PROVIDER, $WEB_PROVIDER]\n    --env, -E                        pass credentials to program as environment variables (default: false) [$RUNAS_ENV_CREDENTIALS]\n    --output value, -O value         credential output format, valid values: env or json (default: \"env\") [$RUNAS_OUTPUT_FORMAT]\n    --session, -s                    use session token credentials instead of role credentials (default: false) [$RUNAS_SESSION_CREDENTIALS]\n    --refresh, -r                    force a refresh of the cached credentials (default: false)\n    --expiration, -e                 show credential expiration time (default: false)\n    --whoami, -w                     print the AWS identity information for the provided profile credentials (default: false)\n    --write-credentials, -c          write credentials to the AWS credentials file in addition to the cache (default: false) [$RUNAS_WRITE_CREDENTIALS]\n    --list-mfa, -m                   list the ARN of the MFA device associated with your IAM account (default: false)\n    --list-roles, -l                 list role ARNs you are able to assume (default: false)\n    --update, -u                     check for updates to aws-runas (default: false)\n    --diagnose, -D                   run diagnostics to gather information to aid in troubleshooting (default: false)\n    --verbose, -v                    output debug logging, use twice for AWS call tracing (default: standard logging)\n    --help, -h                       show help (default: false)\n    --version, -V                    print the version (default: false)\n\n## Building\n\n### Build Requirements\n\nDeveloped and tested using the go 1.25 tool chain and aws-sdk-go-v2\n\n### Build Steps\n\nA Makefile is included with the source code, and executing the default target via the `make` command should install all dependent\nlibraries and make the executable for your platform (or platform of choice if the GOOS and GOARCH env vars are set).\n\nOther common make targets which may be useful for local development:\n  - clean - to clean up build artifacts\n  - linux, darwin, windows - compile program specifically targeting these platforms. Compiled program will be placed\n    in the `build` subdirectory of the source tree. Specific architecture can be compiled by setting the GOOS environment variable.\n  - zip - create a zip file of the compiled program (compiling it, if necessary). By default, it will compile for the\n    platform the command is run on.  Zip file will be placed in the `pkg` subdirectory of the source tree.  Use the\n    GOOS and GOARCH environment variables to compile and package for other systems.\n\n## Contributing\n\nThe usual github model for forking the repo and creating a pull request is the preferred way to\ncontribute to this tool.  Bug fixes, enhancements, doc updates, translations are always welcomed.\n\nThe documentation at the [doc site](https://mmmorris1975.github.io/aws-runas/) all lives under the docs directory in\nthis repository. It uses [Markdown](https://guides.github.com/features/mastering-markdown/) for the documentation format.\nEveryone is welcome to submit pull requests with documentation updates to help correct or clarify the documentation for\nthis tool.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmmmorris1975%2Faws-runas","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmmmorris1975%2Faws-runas","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmmmorris1975%2Faws-runas/lists"}