aws-google-auth: use Google Apps to federate identity to AWS on the command-line
June 21, 2017 6:51 AM Subscribe
aws-google-auth: use Google Apps to federate identity to AWS on the command-line
Got Google Apps? Got AWS? Want to not have to worry about long-lasting AWS credentials stored on disk? Google Apps SAML Single Sign On (SSO) capability has been available for federated identity into AWS via the console for some time now, but bringing that to the command-line has been ... problematic. Google doesn't provide a nice SAML endpoint, they hide it behind all sorts of browsery-specific gubbins. This tool lets you make use of Google's SAML Identity Provider to authenticate yourself to AWS, so you now have the same experience on the command line.
Federated identities mean that you create your users in one place, and define what they can access; this makes larger organisations more secure, because you don't have to keep track of the explosion of usernames and passwords.
Did you ever use "login with Google" to a site? Or "login with Facebook"? That's identity federation at work. This is the same kind of thing, but for the command line.
Got Google Apps? Got AWS? Want to not have to worry about long-lasting AWS credentials stored on disk? Google Apps SAML Single Sign On (SSO) capability has been available for federated identity into AWS via the console for some time now, but bringing that to the command-line has been ... problematic. Google doesn't provide a nice SAML endpoint, they hide it behind all sorts of browsery-specific gubbins. This tool lets you make use of Google's SAML Identity Provider to authenticate yourself to AWS, so you now have the same experience on the command line.
Federated identities mean that you create your users in one place, and define what they can access; this makes larger organisations more secure, because you don't have to keep track of the explosion of usernames and passwords.
Did you ever use "login with Google" to a site? Or "login with Facebook"? That's identity federation at work. This is the same kind of thing, but for the command line.
Role: creator
« Older Fuck Everyone in the Entire History of Humanity™... | Soulpepper on 42nd Street... Newer »
posted by corvine at 8:54 AM on June 23, 2017