https://github.com/walkersumida/aws-sso-google

Provides AWS STS credentials based on Google Workspace SAML SSO auth

# aws-sso-google

AWS STS credentials via Google Workspace

[![](https://github.com/walkersumida/aws-sso-google/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/walkersumida/aws-sso-google/actions)

#### Features:

- Seamless integration with the `aws` cli for secure, continuous and non-interactive STS session renewals.
- Support for all 2FA methods as provided by Google

## Installation

### Build from source

```bash
go install github.com/walkersumida/aws-sso-google@latest
```

### Install via Homebrew

```sh
brew install walkersumida/tap/aws-sso-google
```

## Usage

Add the following settings to `~/.aws/config`.

ref: [Source credentials with an external process](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html)

```ini
[profile example]
credential_process = aws-sso-google -c -u user@example.com -p example -i XXXXXXXXX -s 888888888888 --aws-region ap-northeast-1 --aws-role-arn arn:aws:iam::999999999999:role/RoleName
```

Then run the `aws` command as usual.

```bash
$ aws s3 ls
```

If the authentication has expired, the browser will start and the Google authentication screen will appear. If the authentication is successful, the result of the aws command will be displayed.

## Help

```bash
$ aws-sso-google -h
Acquire AWS STS credentials via Google Workspace SAML in a browser

Usage:
  aws-sso-google [flags]

Flags:
  -p, --aws-profile string           AWS profile
  -e, --aws-region string            AWS region
  -r, --aws-role-arn string          AWS role arn
  -d, --aws-session-duration int32   AWS session duration in seconds (default 3600)
  -c, --clean                        Clean browser session
  -h, --help                         help for aws-sso-google
  -i, --idp-id string                Google SSO IdP identifier
  -s, --sp-id string                 Google SSO SP identifier
  -u, --username string              Google Email address
  -v, --version                      version for aws-sso-google
```