Gimme AWS Creds


Overview

The gimme-aws-creds command-line interface (CLI) is a tool that uses Okta, a SAML-based identity provider, to obtain temporary AWS credentials via the AWS Security Token Service (STS). It can be used to access AWS credentials programmatically, and Okta can be set up for single sign-on (SSO) to the AWS console.

Introduction to Gimme AWS Creds

Programmatically accessing AWS access credentials is possible with the gimme-aws-creds command line interface (CLI). It uses the AWS Security Token Service (STS) to obtain temporary AWS credentials using Okta, a SAML-based identity provider. Users can log into their AWS accounts using Okta by configuring it for single sign-on (SSO) to the AWS console. This can be an efficient tool for controlling multiple Okta applications and streamlining AWS service access.

Prerequisites

The following are the prerequisites for using the gimme-aws-creds CLI:

  1. Access to an active AWS account
  2. Python 3.6 or later installed
  3. Integration of Okta SAML with the AWS account
  4. The AWS CLI, installed and configured

Gimme AWS Creds Installation

Once you've met these prerequisites, you can use pip, the Python package manager, to install gimme-aws-creds and keyrings.alt. keyrings.alt is a companion package to the Python keyring library that offers alternate keyring backends. Passwords, keys, and other sensitive information can be kept safely on keyrings. Here is an example of using pip to install gimme-aws-creds and keyrings.alt:

pip3 install gimme-aws-creds

pip3 install keyrings.alt

Gimme AWS Creds Configuration

Run the configuration setup command:

gimme-aws-creds --action-configure

The only required configuration parameter is okta_org_url, the URL of your Okta organization. For example: HERE. A configuration wizard will prompt you to enter it.

Other optional parameters include:

  • conf_profile - The name for the Okta configuration profile.
  • okta_auth_server - The Okta API Authorization Server used for OpenID Connect authentication.
  • write_aws_creds - If True, the AWS credentials are written to ~/.aws/credentials; otherwise, they are written to stdout.
  • cred_profile - The name of the AWS credential profile to use when writing to the AWS credentials file.

Gimme AWS Creds Usage

Run gimme-aws-creds after running the configure command. The required data will be requested from you in the prompt. Enter the data and the AWS credentials will be returned by the CLI afterward. When prompted, enter the username and password you use to sign in to Okta.

gimme-aws-creds

The above steps allow programmatic access to AWS security credentials. If all goes well, you will get your temporary AWS access key, secret key, and session token. These will be written either to stdout or to ~/.aws/credentials.
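Because write_aws_creds stores the credentials in ~/.aws/credentials, it is worth checking that the file is readable only by its owner and holds only temporary STS credentials. The following is an added example, not code from gimme-aws-creds or the original page. The function name audit_credentials, the profile names and all sample values are constructed, and the check relies on AWS access key ID prefixes (ASIA for temporary STS keys, AKIA for long-lived IAM user keys).

```python
import configparser
import os
import stat
import tempfile


def audit_credentials(path):
    """Return (profile, finding) tuples for an AWS shared credentials file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit is set
        findings.append(("<file>", f"mode {mode:o} lets group/other access it; use 600"))
    cfg = configparser.ConfigParser(interpolation=None)  # secrets may contain '%'
    cfg.read(path)
    for profile in cfg.sections():
        key_id = cfg.get(profile, "aws_access_key_id", fallback="")
        token = cfg.get(profile, "aws_session_token", fallback="")
        if key_id.startswith("AKIA"):
            findings.append((profile, "long-lived IAM user key (AKIA), not an STS credential"))
        elif key_id.startswith("ASIA") and not token:
            findings.append((profile, "temporary key (ASIA) without aws_session_token"))
    return findings


# Constructed sample file: one profile as an STS-backed tool would write it,
# one holding a static IAM user key. All values are placeholders.
SAMPLE = """\
[okta-dev]
aws_access_key_id = ASIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-secret
aws_session_token = constructed-token

[legacy]
aws_access_key_id = AKIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-secret
"""


def demo():
    """Write the sample with an overly permissive mode and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "credentials")
        with open(path, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)  # deliberately too open for the demonstration
        return audit_credentials(path)


if __name__ == "__main__":
    for profile, finding in demo():
        print(f"{profile}: {finding}")
```

To audit a real file, call audit_credentials(os.path.expanduser("~/.aws/credentials")); an empty list means no findings.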

Viewing Profiles

The command gimme-aws-creds --action-list-profiles reads your Okta configuration file and outputs a list of all created profiles along with their settings.

Viewing Roles

The command gimme-aws-creds --action-list-roles prints all of the available roles to stdout without obtaining their credentials.

Generate Credentials as JSON

The command gimme-aws-creds -o json prints credentials in JSON format, one entry per line.

Conclusion

  • The gimme-aws-creds command line interface can be used to programmatically access the AWS access credentials.
  • Okta can be set up for single sign-on (SSO) to the AWS console.
  • This can be an efficient tool for controlling multiple Okta applications and streamlining AWS service access.
  • An active AWS account, Python 3.6 or later, integration of Okta SAML with the AWS account, and the AWS command-line interface (CLI) are the prerequisites for using gimme-aws-creds.