-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenId connect support to generate temporary credentials #4045
Comments
@forty - Thanks for your post. Looks like you might be interested in checking out AWS Security Token Service (STS). There is a command you can use that returns a set of temporary credentials for an AWS account or IAM user.:
You can also control the output from the CLI to json or text:
Please let us know if this would work for your use case. |
This issue has been automatically closed because there has been no response to our request for more information from the original author. With only the information that is currently in the issue, we don't have enough information to take action. Please reach out if you have or find the answers we need so that we can investigate further. |
@justnance Sorry for the late answer. No, that would not work for me, my goal is to login using oidc/saml, which get-session-token doesn't allow. |
@forty - Thanks for the feedback. We are discussing a similar feature for CLI V2 which we are tracking under #3587. I'm going to close this issue so we can centralize the discussion and avoid duplicate efforts. Please 👍 or comment on #3587. |
Hello,
I feel a feature like https://github.com/openstandia/aws-cli-oidc would be a great addition to AWS cli (I haven't tried this project yet but we do something similar, and the code looks good).
It allows the generation of temporary AWS credential by simply opening an URL in the browser using oidc. This is a great feature, and as this is security sensitive, I would rather have it in the official client than on a random client on GitHub.
Syntax idea:
aws oidc get-temporary-credentials --config=configfile.json
(this opens the browser and output the result of AssumeRoleXXXX)What do you think?
The text was updated successfully, but these errors were encountered: