https://github.com/nitorcreations/aws-oidc-login
CLI login to AWS using OpenID Connect
- Host: GitHub
- URL: https://github.com/nitorcreations/aws-oidc-login
- Owner: NitorCreations
- License: apache-2.0
- Created: 2019-08-13T11:30:52.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2025-01-24T15:42:12.000Z (over 1 year ago)
- Last Synced: 2025-06-20T21:13:15.762Z (about 1 year ago)
- Topics: aws, cli, login, oidc
- Language: Python
- Size: 42 KB
- Stars: 1
- Watchers: 34
- Forks: 0
- Open Issues: 6
Metadata Files:
- Readme: README.md
- License: LICENSE
# Log in to AWS using OpenID Connect
The aim is to create a general-purpose CLI OIDC login with a limited set of trusted dependencies.
Tested with Azure AD for now. Your mileage may vary with other providers; please let us know!
## Prerequisites (Azure AD example)
* Create an Azure AD app
  * Set the public client reply URL to `http://localhost`
  * Add an appRole (may be unnecessary)
  * Add user(s) to the role (to the app)
* Create an AWS OIDC identity provider
  * Authority URL will be `https://login.microsoftonline.com/<tenant id>/oauth2/v2.0`
  * Add your AAD app client id as audience
* Create a web identity role with the permissions you'd like
  * Edit the trust relationship for the role to allow role assumption with tokens issued by AAD for your app
* Add parameters under a suitable profile in `~/.aws/config`:
  * Add your application id (client id) from the AAD app
  * Add your AAD tenant id
  * `oidc_authority_url=https://login.microsoftonline.com/<tenant id>/oauth2/v2.0`
  * `oidc_client_id=<client id>`
  * `oidc_role_arn=<role ARN>`
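
The trust relationship step above is where the role is restricted to tokens issued for your app. The following added example (not part of the project's code) builds such a trust policy and audits an existing one for a missing or over-broad audience condition. The function names, the account id, and the tenant and client ids are constructed for illustration.

```python
import json
from urllib.parse import urlparse

ACTION = "sts:AssumeRoleWithWebIdentity"

def provider_id(authority_url):
    """IAM names an OIDC provider by its URL without the https:// scheme."""
    u = urlparse(authority_url)
    if u.scheme != "https" or not u.netloc:
        raise ValueError("OIDC authority must be an https URL")
    return (u.netloc + u.path).rstrip("/")

def build_trust_policy(account_id, authority_url, client_id):
    """Trust policy that lets only tokens issued for client_id assume the role."""
    provider = provider_id(authority_url)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{provider}"},
            "Action": ACTION,
            "Condition": {"StringEquals": {f"{provider}:aud": client_id}},
        }],
    }

def audit_trust_policy(policy, authority_url, client_id):
    """Return findings for web-identity Allow statements that do not pin the audience."""
    key = f"{provider_id(authority_url)}:aud"
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts  # IAM allows a single object
    findings = []
    for i, stmt in enumerate(stmts):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or ACTION not in actions:
            continue
        pinned = stmt.get("Condition", {}).get("StringEquals", {}).get(key, [])
        pinned = [pinned] if isinstance(pinned, str) else pinned
        if not pinned:
            findings.append(f"statement {i}: no StringEquals condition on {key}")
        elif set(pinned) != {client_id}:
            findings.append(f"statement {i}: {key} allows audiences other than {client_id}")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from the project.
    url = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/oauth2/v2.0"
    cid = "11111111-1111-1111-1111-111111111111"
    print(json.dumps(build_trust_policy("123456789012", url, cid), indent=2))
```

The audit only recognises an exact-case `StringEquals` condition on the `:aud` key; a role whose trust policy omits it accepts tokens for every audience registered on the identity provider.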
## Installation
It's [available on PyPI](https://pypi.org/project/aws-oidc-login/). Install by running `pip install aws-oidc-login`.
## Run
The executable is called `aol`. Log in with the default profile by running `aol`, or specify a profile with `aol [profile]`.
See `aol -h` for more options.