{"id":20935424,"url":"https://github.com/ww-tech/aws-sts-proxy","last_synced_at":"2025-05-13T20:32:44.572Z","repository":{"id":98889963,"uuid":"196432332","full_name":"ww-tech/aws-sts-proxy","owner":"ww-tech","description":"An OIDC Authenticated Proxy around AWS STS","archived":false,"fork":false,"pushed_at":"2019-07-11T17:24:54.000Z","size":10,"stargazers_count":7,"open_issues_count":1,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-02T08:07:50.909Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ww-tech.png","metadata":{"files":{"readme":"Readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-07-11T16:45:55.000Z","updated_at":"2022-08-26T04:59:17.000Z","dependencies_parsed_at":"2023-03-05T17:30:40.797Z","dependency_job_id":null,"html_url":"https://github.com/ww-tech/aws-sts-proxy","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ww-tech%2Faws-sts-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ww-tech%2Faws-sts-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ww-tech%2Faws-sts-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ww-tech%2Faws-sts-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ww-tech","download_url":"https://codeload.github.com/ww-tech/aws-sts-proxy/tar.gz/ref
s/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254021335,"owners_count":22000902,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-18T22:14:55.197Z","updated_at":"2025-05-13T20:32:44.224Z","avatar_url":"https://github.com/ww-tech.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AWS STS Proxy\n\nA simple proxy that can be used to proxy AWS STS based on an OIDC token. An OIDC token contains all the information about a user that is required to create a temporary STS session and return that session back to the user. The STS session maps back to the user, because the session name is created based on the OIDC token's username. Only the server application is allowed to assume the role it is creating tokens for, which allows us to trust the session name.\n\n\n### Usage\n\n#### Configuration\n\n```\nEKS_ASSUME_ROLE: The Role to assume from the server\nSTRING_REQUIREMENT: A string to require in the user's email address, or a 403 is thrown.\nPORT: A port to run the application on. Default is 8080\nHEALTHCHECK: A path to serve the healthcheck on. Default is /hc\n```\n\n#### Run Locally\n\n```\ndep ensure\ngo run main.go\n```\n\n#### POST `/sts/token`\n\n\u003e Returns temporary credentials for a role the server assumes. User must pass Authentication TOKEN Header with request from the OIDC application. The server creates a session with the email retrieved from the OIDC token.\n\n##### Params\n\n```\nROLE_ARN = A role the user wants to assume. 
The server must be able to assume this role or it will return a 403\nDuration = The Duration of the temporary credentials. If the role does not accept this duration, the server will return 403.\nExternalId = An optional ExternalID if the role that is being assumed requires it. If this is not passed in and the role expects it, the server will return 403.\n```\n\n\n\u003e request a temporary sts token that maps back to your user\n\n#### Example\n\n```\ncurl -XPOST -H\"Authorization: $TOKEN\" localhost:8080/sts/token\n```\n\n### Build\n\n```\ndocker build -t sts-proxy .\ndocker-compose up\n```\n## License\naws-sts-proxy is © copyright by WW International.\n\naws-sts-proxy is licensed under the [Apache-2.0 Open Source license](http://choosealicense.com/licenses/apache-2.0/).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fww-tech%2Faws-sts-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fww-tech%2Faws-sts-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fww-tech%2Faws-sts-proxy/lists"}