GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → wnkz → aws-sso

wnkz / aws-sso

Licence: Apache-2.0 license
Command Line tool for AWS SSO Credentials

Programming Languages

python
139335 projects - #7 most used programming language
Makefile
30231 projects

Labels

cliawscloudcredentialsaws-sso

Projects that are alternatives of or similar to aws-sso

Awsenv
awsenv is intended as a local credential store for people using more than one AWS account at the same time
Stars: ✭ 67 (+123.33%)
Mutual labels:  credentials
Chameleon
Customizable honeypots for monitoring network traffic, bots activities and username\password credentials (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, RDP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres and MySQL)
Stars: ✭ 230 (+666.67%)
Mutual labels:  credentials
docker-credential-magic
A magic shim for Docker credential helpers 🪄
Stars: ✭ 56 (+86.67%)
Mutual labels:  credentials
Cfn Secret Provider
A CloudFormation custom resource provider for deploying secrets and keys
Stars: ✭ 125 (+316.67%)
Mutual labels:  credentials
Poshkeepass
PowerShell module for KeePass
Stars: ✭ 177 (+490%)
Mutual labels:  credentials
Credsleaker
Credsleaker allows an attacker to craft a highly convincing credentials prompt using Windows Security, validate it against the DC and in turn leak it via an HTTP request.
Stars: ✭ 247 (+723.33%)
Mutual labels:  credentials
Credentials Binding Plugin
Stars: ✭ 39 (+30%)
Mutual labels:  credentials
veriform
Security-oriented protobuf-like serialization format with "Merkleized" content hashing support
Stars: ✭ 114 (+280%)
Mutual labels:  credentials
Leakscraper
LeakScraper is an efficient set of tools to process and visualize huge text files containing credentials. Theses tools are designed to help penetration testers and redteamers doing OSINT by gathering credentials belonging to their target.
Stars: ✭ 227 (+656.67%)
Mutual labels:  credentials
afp-cli
CLI for the AWS Federation Proxy
Stars: ✭ 13 (-56.67%)
Mutual labels:  credentials
Cr3dov3r
Know the dangers of credential reuse attacks.
Stars: ✭ 1,700 (+5566.67%)
Mutual labels:  credentials
Passcat
Passwords Recovery Tool
Stars: ✭ 164 (+446.67%)
Mutual labels:  credentials
ESPAsync WiFiManager Lite
Library using AsyncWebServer to configure MultiWiFi/Credentials at runtime for ESP32 (including ESP32-S2 and ESP32-C3) and ESP8266 boards. You can also specify DHCP HostName, static AP and STA IP. Use much less memory compared to full-fledge WiFiManager. Config Portal will be auto-adjusted to match the number of dynamic custom parameters. Option…
Stars: ✭ 48 (+60%)
Mutual labels:  credentials
Dllpasswordfilterimplant
DLL Password Filter Implant with Exfiltration Capabilities
Stars: ✭ 107 (+256.67%)
Mutual labels:  credentials
ESPAsync WiFiManager
This is an ESP32 (including ESP32-S2 and ESP32-C3) / ESP8266 WiFi Connection Manager, using ESPAsyncWebServer, with fallback web configuration portal. Use this library for configuring ESP32, ESP8266 modules' WiFi, etc. Credentials at runtime. You can also specify static DNS servers, personalized HostName, fixed or random AP WiFi channel. With ex…
Stars: ✭ 244 (+713.33%)
Mutual labels:  credentials
Aws Secrets Manager Credentials Provider Plugin
AWS Secrets Manager Credentials Provider for Jenkins
Stars: ✭ 45 (+50%)
Mutual labels:  credentials
Oprah Proxy
Generate credentials for Opera's "browser VPN"
Stars: ✭ 245 (+716.67%)
Mutual labels:  credentials
ssh-credentials-plugin
No description or website provided.
Stars: ✭ 23 (-23.33%)
Mutual labels:  credentials
schluessel
Node.js package for storing application credentials (API keys, database passwords, etc.) encrypted in your repository.
Stars: ✭ 27 (-10%)
Mutual labels:  credentials
ggshield
Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
Stars: ✭ 1,272 (+4140%)
Mutual labels:  credentials
View All Similar Projects ➔

aws-sso

GitHub Actions status GitHub Actions status PyPi Version PyPI - Python Version PyPI - Downloads

This package provides a command line interface to get AWS credentials with AWS SSO.

The aws-cli package works on Python versions:

  • 3.7.x and greater

Attention!

This package relies on Selenium and Google Chrome to work. Therefore, you need Google Chrome and ChromeDriver to be installed.

This is being developped and tested on macOS, if you encounter problems on other platforms, please open an issue.

Dependencies

macOS

brew cask install chromedriver

Linux

¯\_(ツ)_/¯

Installation

pip install awssso

Getting Started

Help

For each command you can get help with --help flag.

usage: awssso configure [-h] [-p PROFILE] [-a AWS_PROFILE] [-f] [--url URL]
                        [--username USERNAME]

optional arguments:
  -h, --help            show this help message and exit
  -p PROFILE, --profile PROFILE
                        AWS SSO Profile (default: default)
  -a AWS_PROFILE, --aws-profile AWS_PROFILE
                        AWS CLI Profile (default: AWS_PROFILE, fallback: same
                        as --profile)
  -f, --force-refresh   force token refresh
  --url URL
  --username USERNAME

Configure a profile

$ awssso configure
[?] URL: https://d-0123456789.awsapps.com/start/
[?] AWS CLI profile: my-awssso-profile
[?] Username: [email protected]
[?] Password: **************
[?] MFA Code: 042042
[?] AWS Account: 000000000000 (Master)
   111111111111 (Log archive)
   222222222222 (Audit)
 > 000000000000 (Master)

[?] AWS Profile: AWSAdministratorAccess
   AWSServiceCatalogEndUserAccess
 > AWSAdministratorAccess

This will create a configuration file in ~/.awssso/config.

Get credentials

$ awssso login

This will get the credentials for the profile as defined in the configuration file and use aws-cli to set those credentials to the correct AWS Profile.

$ awssso login -e
export AWS_ACCESS_KEY_ID=ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY=SECRET_ACCESS_KEY
export AWS_SESSION_TOKEN=SESSION_TOKEN

This will echo export commands to stdout ; can be used like this $(awssso login -e)

$ awssso login -c
https://signin.aws.amazon.com/federation?Action=login&Destination=https%3A%2F%2Fconsole.aws.amazon.com%2F&SigninToken=TOKEN

This will generate a Sign In URL to the AWS Console ; URL will open in a new tab if used with --browser.

You can also use this tool as a credential_process for awscli. To do so, configure your awscli configuration file like so:

[profile my-sso-profile]
credential_process = awssso login -p my-awssso-profile --json

And then simply use awscli normally:

$ aws --profile my-sso-profile s3 ls

Base concepts

aws-sso has its own configuration file (~/.awssso/config).
Each section in this file corresponds to an AWS SSO profile. Those profiles are different from AWS profiles.

When using the login command, it'll set credentials for the configured AWS Profile by invoking aws configure.

Inside ~/.awssso/ are also stored cookie files for each pair of username / url. This allows not prompting for MFA code at each login.

Secrets are stored using keyring so for example on macOS they are stored in Keychain.
For each username / url aws-sso stores three secrets:

  • password
  • authn-token
  • authn-expiry-date

aws-sso doesn't make new login attempts until authn-token is expired.
aws-sso also stores credentials using keyring to avoid making too many STS calls.

Releases

The release notes for AWS SSO can be found here.

Known issues

Known issues can be found here.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].