feat(console) Log into the AWS console from saml2aws #410
As per https://segment.com/blog/secure-access-to-100-aws-accounts/ I have implemented console log in directly from saml2aws. Note: Like the exec command, if your credentials are still active this will not prompt for login.
--skip-prompt Skip prompting for parameters during login. | ||
--exec-profile Execute the given command utilizing a specific profile from your ~/.aws/config file |
Why did this get removed from the README?
I just ran the help command and updated the version in the README. May have been removed in a previous PR.
#420 has some fixes for the issues you have identified.
return errors.Wrap(err, "error logging in") | ||
} | ||
|
||
if consoleFlags.ExecProfile != "" { |
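Review bot: The `if consoleFlags.ExecProfile != "" {` branch at the end of this hunk depends on `--exec-profile` being registered on the `console` command, and that registration is not visible here. Confirm that `console` binds `--exec-profile` to `consoleFlags.ExecProfile`, and add a test that parses `console --exec-profile <name>`; otherwise this branch can never run.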
saml2aws console --exec-profile staging-admin
saml2aws: error: unknown long flag '--exec-profile', try --help
Does this command need a different flag set? It looks like it is currently sharing with 'login'
Could be a copy-paste issue; I wanted to demo it more widely, so I released it a bit early TBH, given it was a new command.
It may have been a bit rough.
I'm not 100% sure you can do a 'login to this secondary assume' (eg: okta -> loginRole -> assumedRole -> web console) anyway - I tried to do it using python and got stuck - the closest I got is that you can open directly to the 'Switch Role' page directly and fill the info in, which is at least just a click away.
destination := "https://console.aws.amazon.com/" | ||
|
||
loginURL := fmt.Sprintf( | ||
"https://signin.aws.amazon.com/federation?Action=login&Issuer=aws-okta&Destination=%s&SigninToken=%s", |
should this have a different issuer?
Indeed it should, nice pickup!
As per https://segment.com/blog/secure-access-to-100-aws-accounts/ I have implemented AWS console login directly from saml2aws.
This will open using your default browser.
Note: Like the exec command, if your credentials are still active this will not prompt for login.
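The federation sign-in URLs discussed in the review above, built with `net/url` so that every parameter is percent-encoded; this is an added example, not code from the PR or from saml2aws. The function names, the `example-issuer` value and the https-only check on the destination are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

const federationEndpoint = "https://signin.aws.amazon.com/federation"

// session is the JSON document AWS expects in the Session parameter.
type session struct {
	ID    string `json:"sessionId"`
	Key   string `json:"sessionKey"`
	Token string `json:"sessionToken"`
}

// SigninTokenURL (hypothetical name) builds the getSigninToken request that
// trades temporary credentials for a short-lived sign-in token.
func SigninTokenURL(accessKeyID, secretKey, sessionToken string) (string, error) {
	b, err := json.Marshal(session{ID: accessKeyID, Key: secretKey, Token: sessionToken})
	if err != nil {
		return "", err
	}
	q := url.Values{"Action": {"getSigninToken"}, "Session": {string(b)}}
	return federationEndpoint + "?" + q.Encode(), nil
}

// ConsoleLoginURL (hypothetical name) builds the URL handed to the browser.
// url.Values percent-encodes each value, so a token or destination containing
// '&', '=', '+' or '/' cannot add or alter query parameters.
func ConsoleLoginURL(issuer, destination, signinToken string) (string, error) {
	d, err := url.Parse(destination)
	if err != nil || d.Scheme != "https" || d.Host == "" {
		// Assumption: only absolute https destinations are accepted.
		return "", fmt.Errorf("destination must be an absolute https URL: %q", destination)
	}
	q := url.Values{
		"Action": {"login"}, "Issuer": {issuer},
		"Destination": {destination}, "SigninToken": {signinToken},
	}
	return federationEndpoint + "?" + q.Encode(), nil
}

func main() {
	// Constructed placeholder values, not real credentials or tokens.
	u, err := ConsoleLoginURL("example-issuer", "https://console.aws.amazon.com/", "EXAMPLE+tok/en=&x=y")
	fmt.Println(u, err)
}
```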