ELI5: AWS CLI and SSO

2

I like to use the AWS PowerShell and CLI tools from my workstation for quick ad-hoc activities. I have these configured to use an IAM account I created for myself that has API keys.

In this modern world of "SSO for all the things", I'd like to understand my best route to change to using my existing SSO account (via Azure AD w/ MFA) for command line activities instead. Is there an AWS native solution?

  • For those confused, "ELI5" means "Explain Like I'm 5". :-)

4 answers
4

Take a look at the aws configure sso command for the AWS CLI v2. This command can set up named profiles for IAM roles that you have access to.

AWS
Matt
answered 2 years ago
0

AWS SSO can be used with your IdP of choice. Here is a good lab which describes how to set it up with Azure AD. AWS SSO will manage short term rotation of API Access and Secret key along with a session token.

AWS
answered 2 years ago
  • You may have missed the "ELI5" and "CLI" portions of my question?

    I do, of course, use SSO every day for console access. This question, to be painfully clear, is about CLI though.

  • AWS SSO gives your role both console and CLI access. You can just copy / paste your access, secret, & session keys from the AWS SSO sign-in page. Alternatively, this doc may help you set up the CLI: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html

0

Hello Eli5, an AWS native solution would be for you to enable AWS SSO and integrate it with your Azure AD [https://docs.aws.amazon.com/singlesignon/latest/userguide/azure-ad-idp.html]. Once this is done, you can authenticate to the AWS SSO console (using your Azure AD creds) and then select the Command Line from the dashboard and get the temp credentials for CLI access. Without AWS SSO, you may want to use third-party tools such as: https://blog.migrationking.com/2020/09/how-to-login-to-aws-using-cli-with.html https://github.com/sportradar/aws-azure-login

answered 2 years ago
0

Hi, for sure you have to check out the aws configure sso command of the AWS CLI.

My point is, that seeing how AWS manages the sso directory in a plain text file inside the ~/.aws/ folder, as posted here, I prefer to manage these credentials with an open-source tool: Leapp

Btw, with Leapp I can also manage multiple AWS Single-Sign-On access at the same time, and at the same time, it manages Azure credentials too.

answered 2 years ago
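
Added example (not part of the original answers, and not AWS or Leapp code): a Python check of the on-disk SSO token cache that the last answer refers to, reporting file permissions and token expiry without printing any token. It assumes the AWS CLI v2 default cache location ~/.aws/sso/cache and its accessToken / expiresAt JSON keys; the function names and sample files are constructed for illustration.

```python
import json
import stat
from datetime import datetime, timezone
from pathlib import Path


def parse_expiry(value):
    # The cache has used both "...Z" and "...UTC" suffixes for expiresAt.
    text = str(value).replace("UTC", "+00:00").replace("Z", "+00:00")
    parsed = datetime.fromisoformat(text)
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def audit_sso_cache(cache_dir, now=None):
    """Report mode and expiry for each cached token file; never prints tokens."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for path in sorted(Path(cache_dir).glob("*.json")):
        try:
            data = json.loads(path.read_text())
        except (OSError, ValueError):
            continue  # unreadable or not JSON
        if not isinstance(data, dict) or "accessToken" not in data:
            continue  # assumed: client registration entries carry no accessToken
        mode = stat.S_IMODE(path.stat().st_mode)
        try:
            expired = parse_expiry(data.get("expiresAt", "")) <= now
        except ValueError:
            expired = None  # unknown timestamp format: review by hand
        findings.append({"file": path.name, "mode": oct(mode),
                         "readable_by_others": bool(mode & 0o077),
                         "expired": expired})
    return findings


def build_sample_cache(root):
    """Constructed sample files (fake tokens) for trying the audit offline."""
    samples = {
        "loose.json": ({"accessToken": "EXAMPLE", "expiresAt": "2020-06-17T10:02:08UTC"}, 0o644),
        "tight.json": ({"accessToken": "EXAMPLE", "expiresAt": "2030-01-01T00:00:00Z"}, 0o600),
        "registration.json": ({"clientId": "EXAMPLE"}, 0o600),
    }
    for name, (body, mode) in samples.items():
        path = Path(root) / name
        path.write_text(json.dumps(body))
        path.chmod(mode)


if __name__ == "__main__":
    for finding in audit_sso_cache(Path.home() / ".aws" / "sso" / "cache"):
        print(finding)
```

A file reported with readable_by_others set to True can be tightened with chmod 600, and aws sso logout clears the cached tokens.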
