synfinatic
commented
3 years ago Blocked on #40
Closed synfinatic closed 3 years ago
synfinatic
commented
3 years ago Blocked on #40
synfinatic
commented
3 years ago synfinatic
commented
3 years ago this probably should be a new tool.
synfinatic
commented
3 years ago great example of how to do this manually with the AWS CLI tool: https://github.com/99designs/aws-vault/issues/449
synfinatic
commented
3 years ago And aws-vault already does this: https://github.com/99designs/aws-vault/blob/master/USAGE.md#aws-single-sign-on-aws-sso
Note: this isn't how I would do it. If you have 100 accounts, now each person has to create 100 profile entries in their ~/.aws/config which sucks. I'm pretty sure you can query AWS and get a list of accounts/roles on the fly to present the user
synfinatic
commented
3 years ago don't think this really fits into this tool, so creating another. marking as wont-fix.
Using AWS SSO w/ OneLogin basically adds another layer of SAML to get API Keys since the OneLogin SAML Assertion just gives you another URL to do yet another SAML assertion to get the actual AWS Roles to assume.