okta / okta-aws-cli

A CLI for having Okta as the IdP for AWS CLI operations
https://github.com/okta/okta-aws-cli

`--aws-iam-idp` and `--aws-iam-role` alias values #178

Closed monde closed 9 months ago

monde commented 9 months ago

`--aws-iam-idp` and `--aws-iam-role` values can be a friendly label and we'll reverse look up the ARN value for them from `okta.yaml`.

Closes #102

Given an `okta.yaml` of

```yaml
---
awscli:
  idps:
    "arn:aws:iam::123:saml-provider/S3_IDP": "S3 IdP"
    "arn:aws:iam::123:saml-provider/EC2_IDP": "EC2 IdP"
  roles:
    "arn:aws:iam::123:role/S3_RW": "S3 Read/Write"
    "arn:aws:iam::123:role/S3_READ": "OK S3 Read"
    "arn:aws:iam::123:role/EC2_full_access": "EC2 FULL"
```

`okta-aws-cli` can be invoked with ARN or friendly label values:

```sh
# these two commands are equivalent

$ okta-aws-cli web --oidc-client-id 0oabc --org-domain test.okta.com \
      --aws-iam-idp arn:aws:iam::123:saml-provider/S3_IDP \
      --aws-iam-role arn:aws:iam::123:role/S3_READ

$ okta-aws-cli web --oidc-client-id 0oabc --org-domain test.okta.com \
      --aws-iam-idp "S3 IdP" \
      --aws-iam-role "OK S3 Read"
```

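
The reverse lookup described in this pull request, sketched as an added example; it is not the okta-aws-cli implementation. The helper name `resolveARN`, the exact-match rule, and failing closed on unknown or duplicated labels are assumptions, and the sample map is constructed to mirror the `okta.yaml` above.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed sample mirroring the okta.yaml roles above (ARN -> label).
var sampleRoles = map[string]string{
	"arn:aws:iam::123:role/S3_RW":           "S3 Read/Write",
	"arn:aws:iam::123:role/S3_READ":         "OK S3 Read",
	"arn:aws:iam::123:role/EC2_full_access": "EC2 FULL",
}

// resolveARN (hypothetical helper) maps a flag value to an ARN.
// ARN-shaped values pass through; a label must match exactly one entry.
func resolveARN(value string, aliases map[string]string) (string, error) {
	if strings.HasPrefix(value, "arn:") {
		return value, nil
	}
	var matches []string
	for arn, label := range aliases {
		if label == value { // exact, case-sensitive comparison
			matches = append(matches, arn)
		}
	}
	sort.Strings(matches) // deterministic error text
	switch len(matches) {
	case 1:
		return matches[0], nil
	case 0:
		return "", fmt.Errorf("no ARN labelled %q in okta.yaml", value)
	default:
		// Fail closed: never guess which role or IdP the operator meant.
		return "", fmt.Errorf("label %q is ambiguous: %s", value, strings.Join(matches, ", "))
	}
}

func main() {
	for _, v := range []string{"OK S3 Read", "arn:aws:iam::123:role/S3_READ", "ok s3 read"} {
		arn, err := resolveARN(v, sampleRoles)
		fmt.Printf("%q -> %q (err: %v)\n", v, arn, err)
	}
}
```

Rejecting a label shared by two ARNs keeps a copy-pasted `okta.yaml` entry from silently selecting a different role than the one the operator named.
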
monde commented 9 months ago

Addressed in https://github.com/okta/okta-aws-cli/releases/tag/v2.1.0