Metadata-Version: 2.1
Name: stsauth
Version: 0.2.1
Summary: CLI tool for fetching AWS tokens.
Home-page: https://github.com/cshamrick/stsauth
Author: Scott Hamrick
Author-email: scott@scotthamrick.com
License: MIT
Platform: UNKNOWN
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: Programming Language :: Python :: 2
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.6
Classifier: Operating System :: OS Independent
Description-Content-Type: text/markdown
Requires-Dist: awscli (<2,>=1.15.0)
Requires-Dist: boto3 (<2,>=1.7.0)
Requires-Dist: beautifulsoup4 (<5,>=4.6.0)
Requires-Dist: Click (<7,>=6.7)
Requires-Dist: click-log (<0.3,>=0.2.1)
Requires-Dist: configparser (<4,>=3.5.0)
Requires-Dist: requests (<3,>=2.18.0)
Requires-Dist: requests-ntlm (<2,>=1.1.0)

# stsauth
Creates a temporary `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` that can be used with cli tools such as `awscli`, `ansible`, `terraform` and more.

This method of authentication is preferred because it eliminates the need for long-lived access keys and forces every user to use their own credentials when connecting to AWS Services.

## Prerequisites
1. `python` and `pip` must be installed.
1. Ensure `pip` is configured to work behind your organization's proxy server if necessary. See [PIP Configuration](https://pip.pypa.io/en/stable/user_guide/#configuration) for details on configuration.
1. Must already have access to an AWS account console.

## Install
```
# Uninstall if a version of `stsauth` already exists
$ pip uninstall stsauth

# Install the current release
$ pip install stsauth

# Install a specific version
$ pip install stsauth==0.1.0
```

## Upgrade
```
$ pip install stsauth --upgrade
```

## Configuration
- A valid AWS CLI configuration is required. For more information about the AWS CLI, see [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html) for more information.
- Sample `~/.aws/credentials` file:
```
[default]
output = json
region = us-east-1
idpentryurl = https://<fqdn>/adfs/ls/idpinitiatedsignon.aspx?LoginToRP=urn:amazon:webservices
domain = MYADDOMAIN
aws_access_key_id = ''
aws_secret_access_key = ''
```

## Usage
```
$ stsauth
Usage: stsauth [OPTIONS] COMMAND [ARGS]...

Options:
  -v, --verbosity LVL  Either CRITICAL, ERROR, WARNING, INFO or DEBUG
  --version            Show the version and exit.
  --help               Show this message and exit.

Commands:
  authenticate
  profiles

$ stsauth authenticate --help
Usage: stsauth authenticate [OPTIONS]

Options:
  -u, --username TEXT             IdP endpoint username.
  -p, --password TEXT             Program will prompt for input if not
                                  provided.
  -i, --idpentryurl TEXT          The initial url that starts the
                                  authentication process.
  -d, --domain TEXT               The active directory domain.
  -c, --credentialsfile TEXT      Path to AWS credentials file.
  -l, --profile TEXT              Name of config profile.
  -r, --region TEXT               The AWS region to use. ex: us-east-1
  -o, --output [json|text|table]
  -f, --force                     Auto-accept confirmation prompts.
  --help                          Show this message and exit.

$ stsauth authenticate
Username: username
Password: 

Please choose the role you would like to assume:
Account 000000000000:
[0]: ADFS-Account-One
[1]: ADFS-Account-Two

Account 000000000001:
[2]: ADFS-Account-One

Account 000000000002:
[3]: ADFS-Account-One
[4]: ADFS-Account-Two

Selection: 2

Requesting credentials for role: arn:aws:iam::000000000001:role/ADFS-Account-One

------------------------------------------------------------
Your new access key pair has been generated with the following details:
------------------------------------------------------------
File Path: /Users/username/.aws/credentials
Profile: 000000000001-ADFS-Account-One
Expiration Date: 2018-06-27 16:29:01+00:00
------------------------------------------------------------
To use this credential, call the AWS CLI with the --profile option:
(e.g. aws --profile 000000000001-ADFS-Account-One ec2 describe-instances).
--------------------------------------------------------------

$ stsauth profiles --help
Usage: stsauth profiles [OPTIONS]

Options:
  -c, --credentialsfile TEXT  Path to AWS credentials file.
  --help                      Show this message and exit.

$ stsauth profiles
Profile                           Expire Date        
--------------------------------- -------------------
default                           No Expiry Set      
saml                              2018-06-25 16:32:20
000000000000-ADFS-Account-One     2018-06-25 16:36:27
000000000000-ADFS-Account-Two     2018-06-25 16:47:51
000000000001-ADFS-Account-One     2018-06-27 10:04:46
000000000002-ADFS-Account-One     2018-06-27 11:23:23
000000000002-ADFS-Account-Two     2018-06-27 11:28:22

```

## Credits
This project is based largely on [Enabling Federation to AWS Using Windows Active Directory, ADFS, and SAML 2.0](https://aws.amazon.com/blogs/security/enabling-federation-to-aws-using-windows-active-directory-adfs-and-saml-2-0/)



