What does HackerNews think of saml2aws?

CLI tool which enables you to login and retrieve AWS temporary credentials using a SAML IDP

Language: Go

#10 in Amazon Web Services
#87 in Linux
#38 in Windows
Have lots of AWS accounts | Oct 2022
Expand Context ↕
Depending on your SSO provider, you can list all the roles using saml2aws[0] and then parse the output so you can generate the relavant config. It is a bit tedious, but it works.

[0] https://github.com/Versent/saml2aws/
Show HN: AWS credentials management CLI tool | Nov 2021
In my company everything goes through Active Directory and we use saml2aws [1] to generate credentials with two factor involved. It works quite well for us. We even use this for our artists to create local builds of our games since we keep all important secrets and such in aws secrets mananger. We scope access to said secrets with custom roles and tags.

[1] https://github.com/Versent/saml2aws

How to give access to AWS resources without creating 100s of IAM Users? | Aug 2020
Expand Context ↕
Have you considered saml2aws[0]?

[0] https://github.com/Versent/saml2aws
How SAML 2.0 Authentication Works | Jul 2019
Expand Context ↕
We've been using SAML to log in to AWS for the better part of a year now and it's been pretty good for us.

When logging in, you assume a role (sts:AssumeRoleWithSAML), I'm surprised you did not mention the worst part: logging in to the CLI with this. You either have to manually input the returned SAML assertion to the AWS cli[1], but luckily there is a tool called saml2aws[2] to do this with the majority of identity providers.

saml2aws sadly didn't have proper support for assuming many roles at once, so we even ended up writing our own tool for this.

This is something AWS has completely ignored so far and I am not aware of any progress towards a better CLI experience.

[1]: https://aws.amazon.com/premiumsupport/knowledge-center/aws-c...

[2]: https://github.com/Versent/saml2aws