SumeetSingh786
commented
5 years ago We need feature to add session tokens or temporary credentials using MFA device
Open fbourqui opened 6 years ago
SumeetSingh786
commented
5 years ago We need feature to add session tokens or temporary credentials using MFA device
edwinwiles
commented
5 years ago Strong request for MFA support. The company I work for requires MFA for all accounts.
Edit: Whether that support comes by way of actually accepting input from an MFA device directly, or simply accepting an STS generated via a helper, doesn't matter as much as getting access to work at all with MFA. A co-worker has been attempting this for several days now with a variety of IDE, with no real success.
edwinwiles
commented
5 years ago OT: only way to contact individual.
@fbourqui You mentioned getting VS Code to work
For other ide like VS code, or git command line we can use aws helper: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-https-windows.html with: helper = !aws --profile my-profile-sts codecommit credential-helper $@
Did that include getting AWS CLI commands working through VS Code? Or just getting VS Code able to work with CodeCommit?
Thanks!
eschulma
commented
4 years ago @edwinwiles I am fairly certain that syntax is git specific, having set that up for CodeCommit a few days ago.
I would like to request that the toolkit support SSO, as in the issue #89 you already linked to.
ryan-max-mule
commented
2 years ago @eschulma I left a comment on #89 as well, just checking to see if there was a solution for this. Can anyone recommend a way to utilize an HTTPS (GRC) URL in the AWS Toolkit for Eclipse's CodeCommit component, or some other way to clone/push code with a federated user?
eschulma
commented
2 years ago @ryan-max-mule I do it all from the command line. It's easy enough. I use yawsso (on GitHub) to get credentials into the necessary AWS file. Be aware that the Eclipse Toolkit is effectively dead, although they took my pull request to bring it up to Java 11 there has not been a new release in years. We still use it for CodeDeploy but nothing else.
I will add you need to set environment variables as well. See Medium and AWS documentation for guides.
Hello,
We have all our IAM users that require mfa to login with their AWS access key, we do not allow them to create ServiceSpecificAccessKey (we plan to move to saml federation with ADFS, and we want only to use STS short time token).
The users run a script similar to samlapi.py, (see below link to aws blog), and need to provide his mfa to get sts token, we store the token in ~/.aws/credentials
For other ide like VS code, or git command line we can use aws helper: https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-https-windows.html with: helper = !aws --profile my-profile-sts codecommit credential-helper $@
This could provide a solution for #89 Add Federated Access Support to Eclipse Toolkit. Would need to use: https://aws.amazon.com/blogs/security/how-to-implement-federated-api-and-cli-access-using-saml-2-0-and-ad-fs/ to get sts token.