
AWS Cli authenticator via ADFS - small command-line tool to authenticate via ADFS and assume chosen role

# aws-adfs
[![PyPI version](https://badge.fury.io/py/aws-adfs.svg)](https://badge.fury.io/py/aws-adfs)
[![Travis build](https://api.travis-ci.org/venth/aws-adfs.svg?branch=master)](https://api.travis-ci.org/venth/aws-adfs.svg?branch=master)

Command-line tool that simplifies AWS CLI authentication against ADFS (multi-factor authentication with Active Directory).

Thanks to [Brandond](https://github.com/brandond)'s contribution "Remove storage of credentials, in favor of storing ADFS session cookies",
aws-adfs:

> allows you to re-login to STS without
> entering credentials for an extended period of time, without having to store the user's actual credentials.
> It also lets an organization control the period in which a user can re-login to STS without entering credentials,
> by altering the ADFS session lifetime.

Thanks to [Brandond](https://github.com/brandond)'s contribution "Add support for legacy aws_security_token key in credentials file",
aws-adfs supports Ansible by providing the security token under two keys:
* AWS_SESSION_TOKEN and
* AWS_SECURITY_TOKEN
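
An added example (not part of aws-adfs): a check over an AWS shared credentials file that reports profiles where only one of the two token keys is present, where the two disagree, or where no session token is stored at all. The lowercase key names follow the credentials-file spelling in the contribution title; the sample file and all of its values are constructed.

```python
import configparser

# Constructed sample of a shared credentials file; every value is fake.
SAMPLE = """\
[adfs]
aws_access_key_id = constructed-key-id-1
aws_secret_access_key = constructed-secret-1
aws_session_token = constructed-token-1
aws_security_token = constructed-token-1

[legacy-only]
aws_access_key_id = constructed-key-id-2
aws_secret_access_key = constructed-secret-2
aws_security_token = constructed-token-2

[static]
aws_access_key_id = constructed-key-id-3
aws_secret_access_key = constructed-secret-3
"""


def audit_credentials(text):
    """Return {profile: [findings]}; an empty list means both keys agree."""
    # interpolation=None: tokens may contain '%' and must be read literally.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    report = {}
    for profile in parser.sections():
        keys = parser[profile]  # option names are matched case-insensitively
        session = keys.get("aws_session_token")
        security = keys.get("aws_security_token")
        findings = []
        if not session and not security:
            # No temporary token at all: the profile holds long-lived keys.
            findings.append("long-lived keys: no session token stored")
        elif not session:
            findings.append("missing aws_session_token")
        elif not security:
            findings.append("missing aws_security_token")
        elif session != security:
            # Tools reading different keys would use different sessions.
            findings.append("token keys disagree")
        report[profile] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_credentials(SAMPLE).items():
        print(name, findings or "ok")
```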

Thanks to [Brandond](https://github.com/brandond)'s contribution "Add support for Kerberos SSO on Windows via requests_negotiate_sspi":
* on Windows, the Security Support Provider Interface (SSPI) is used

# Installation

* user local installation

```
pip install --user aws-adfs
```

Note that you need to add $HOME/.local/bin to your PATH.

* system wide installation

```
sudo pip install aws-adfs
```

* virtualenvs

```
virtualenv -p /usr/bin/python2.7 aws-adfs
source aws-adfs/bin/activate
pip install aws-adfs
...
...
deactivate
```

# Examples of usage

* log in to your ADFS host with SSL verification disabled, on AWS CLI profile: adfs (as the `login` help text notes, disabling verification should only be used for dev/test)

```
aws-adfs login --adfs-host=your-adfs-hostname --no-ssl-verification
```

and verify:

```
aws --profile=adfs s3 ls
```

* log in to your ADFS host with SSL verification disabled, on a specified AWS CLI profile: specified-profile

```
aws-adfs login --profile=specified-profile --adfs-host=your-adfs-hostname --no-ssl-verification
```

and verify:

```
aws --profile=specified-profile s3 ls
```

* help, help, help?
```
$ aws-adfs --help
Usage: aws-adfs [OPTIONS] COMMAND [ARGS]...

Options:
  --version  Show current tool version
  --help     Show this message and exit.

Commands:
  list   lists available profiles
  login  Authenticates an user with active directory...
  reset  removes stored profile
```

```
$ aws-adfs list --help
Usage: aws-adfs list [OPTIONS]

  lists available profiles

Options:
  --version  Show current tool version
  --help     Show this message and exit.
```

```
$ aws-adfs login --help
Usage: aws-adfs login [OPTIONS]

  Authenticates an user with active directory credentials

Options:
  --profile TEXT                  AWS cli profile that will be authenticated.
                                  After successful authentication just use:
                                  aws --profile <authenticated profile>
                                  <service> ...
  --region TEXT                   The default AWS region that this script will
                                  connect
                                  to for all API calls
  --ssl-verification / --no-ssl-verification
                                  SSL certificate verification: Whether or not
                                  strict certificate
                                  verification is done,
                                  False should only be used for dev/test
  --adfs-host TEXT                For the first time for a profile it has to
                                  be provided, next time for the same profile
                                  it will be loaded from the stored
                                  configuration
  --output-format [json|text|table]
                                  Output format used by aws cli
  --help                          Show this message and exit.
```

```
$ aws-adfs reset --help
Usage: aws-adfs reset [OPTIONS]

  removes stored profile

Options:
  --profile TEXT  AWS cli profile that will be removed
  --help          Show this message and exit.
```

# Known issues
* if you have trouble with lxml, install the following packages:

```
sudo apt-get install python-dev libxml2-dev libxslt1-dev zlib1g-dev
```
* python 2.6 is not supported
* python 3.2 is not supported


# Credits
* [Brandond](https://github.com/brandond) for: Remove storage of credentials, in favor of storing ADFS session cookies
* [Brandond](https://github.com/brandond) for: Add support for legacy aws_security_token key in credentials file
* [Brandond](https://github.com/brandond) for: Store last username in profile config; use it as default for prompt
* [Brandond](https://github.com/brandond) for: python 3 compatibility
* [Brandond](https://github.com/brandond) for: Add support for Kerberos SSO on Windows via requests_negotiate_sspi
* [Brandond](https://github.com/brandond) for: ssl_verification must be a str


Source Distribution

aws-adfs-0.1.2.tar.gz (12.4 kB)

File details

Details for the file aws-adfs-0.1.2.tar.gz.

File metadata

  • Download URL: aws-adfs-0.1.2.tar.gz
  • Upload date:
  • Size: 12.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for aws-adfs-0.1.2.tar.gz

| Algorithm | Hash digest |
| --- | --- |
| SHA256 | 01bb926d1c1fcaf011482a9dc9a7a9299c6614eb902c723434e45292f1685e9e |
| MD5 | d5460a21d87339f0bbf74da3579d3bd1 |
| BLAKE2b-256 | e43e8fd4a524ee86c31845b8dbdadc64f983c71c60feac76e36e9c9142331c52 |
