A CLI tool that allows you to log in and retrieve AWS temporary credentials using Red Hat SAML IDP.
- Python 3.11 or later
- Connected to Red Hat VPN
- A Red Hat managed computer (Kerberos must be installed and configured) and you are logged in with your Red Hat account
The rh-aws-saml-login CLI is a tool that simplifies the process of logging into an AWS account via Red Hat SSO. It retrieves a SAML token from the Red Hat SSO server, then fetches and parses the AWS SSO login page to present you with a list of all available accounts and their respective roles. You can then choose your desired account and role, and rh-aws-saml-login uses the SAML token to generate temporary AWS role credentials. Finally, it spawns a new shell with the necessary AWS_ environment variables already set up, so you can immediately use the aws CLI without any further configuration.
On CSB Fedora, you need to install the Kerberos development package:
sudo dnf install krb5-devel
You can install this library from PyPI with pip:
python3 -m pip install rh-aws-saml-login
or install it with pipx:
pipx install rh-aws-saml-login
You can also use pipx to run the library without installing it:
pipx run rh-aws-saml-login
rh-aws-saml-login
This spawns a new shell with the following environment variables set:
- AWS_ACCOUNT_NAME: The name/alias of the AWS account
- AWS_ROLE_NAME: The name of the role
- AWS_ROLE_ARN: The ARN of the role
- AWS_ACCESS_KEY_ID: The access key used by the AWS CLI
- AWS_SECRET_ACCESS_KEY: The secret access key used by the AWS CLI
- AWS_SESSION_TOKEN: The session token used by the AWS CLI
- AWS_REGION: The default region used by the AWS CLI
rh-aws-saml-login currently provides the following features (get help with -h or --help):
- No configuration needed
- Uses Kerberos authentication
- Open the AWS web console for an account with the --console option
- Shell auto-completion (bash, zsh, and fish) including AWS account names
- Integrates nicely with starship:
  [env_var.AWS_ACCOUNT_NAME]
  format = "$symbol$style [$env_value]($style) "
  style = "cyan"
  symbol = "🚀"
- Update CHANGELOG.md with the new version number and date
- Bump the version number in pyproject.toml