[cnuss]

thanks for the question!

this completely eliminates the need to juggle ~/.aws/* files, or downloading or generation of one or more web identity token files, or complicated trust to a single root account

using a single GitHub token identifying the user, the saml.to backend exchanges that token for the desired account and credentials simply based on providing the desired role name as input

zero knowledge on how to authenticate the aws cli is necessary, which I've found as a high friction point for administrators and developers to get right

let me know if you have any more questions or feedback!