by rukenshia
2520 days ago
We've been using SAML to log in to AWS for the better part of a year now and it's been pretty good for us. When logging in, you assume a role (sts:AssumeRoleWithSAML).

I'm surprised you did not mention the worst part: logging in to the CLI with this. You either have to manually input the returned SAML assertion to the AWS CLI[1], but luckily there is a tool called saml2aws[2] to do this with the majority of identity providers. saml2aws sadly didn't have proper support for assuming many roles at once, so we even ended up writing our own tool for this. This is something AWS has completely ignored so far and I am not aware of any progress towards a better CLI experience.

[1]: https://aws.amazon.com/premiumsupport/knowledge-center/aws-c...

[2]: https://github.com/Versent/saml2aws