Metadata-Version: 2.1
Name: aws-oidc-login
Version: 0.1.2
Summary: CLI login to AWS using OpenID Connect
Home-page: http://github.com/NitorCreations/aws-oidc-login
Author: Mika Majakorpi
Author-email: mika.majakorpi@nitor.com
License: Apache 2.0
Download-URL: https://github.com/NitorCreations/aws-oidc-login
Platform: UNKNOWN
Description-Content-Type: text/markdown
Requires-Dist: boto3 (==1.9.208)
Requires-Dist: requests (==2.22.0)
Requires-Dist: argparse (==1.4.0)

# Log in to AWS using OpenID Connect

The aim for this is to create a general purpose CLI OIDC login with a limited set of trusted dependencies.

Tested with Azure AD. Your mileage may vary with other providers, please let us know!

[![Codeship Status for NitorCreations/aws-oidc-login](https://app.codeship.com/projects/c1b8cf70-ba79-0137-d140-5ec1c160b8c0/status?branch=master)](https://app.codeship.com/projects/364808)

## Setup (Azure AD example)
* Create Azure AD App
    * Set public client reply url to `http://localhost`
    * Add an appRole (may be unnecessary)
    * Add user(s) to the role (to the app)
* Create an AWS OIDC identity provider
    * Authority URL will be `https://login.microsoftonline.com/<AAD tenant id>/oauth2/v2.0`
    * Add your AAD app client id as audience
* Create a web identity role with permissions you'd like
    * Edit trust relationship for the role to allow role assumption with tokens issued by AAD for your app
* Add parameters under a suitable profile in `~/.aws/config`:
    * Add your application id (client id) from the AAD app
    * Add your AAD tenant id
    * `oidc_authority_url=https://login.microsoftonline.com/<AAD tenant id>/oauth2/v2.0`
    * `oidc_client_id=<id of your AAD app>`
    * `oidc_role_arn=<ARN of the role you are assuming on AWS>`
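The trust relationship in the steps above is what keeps any other AAD application in the tenant from assuming the role, so it should be conditioned on the token's `aud` claim. As an added example (not code from aws-oidc-login), the Python below reads the `oidc_*` keys of a profile and builds such a trust policy; the sample config, ids and role ARN are constructed placeholders.

```python
"""Added example (not part of aws-oidc-login): build the IAM trust policy
for the role named in a profile, from the oidc_* keys the README lists."""
import configparser
from urllib.parse import urlparse

REQUIRED = ("oidc_authority_url", "oidc_client_id", "oidc_role_arn")

# Constructed sample of ~/.aws/config; tenant, client and account ids are placeholders.
SAMPLE_CONFIG = """
[profile oidc-dev]
region = eu-west-1
oidc_authority_url = https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/oauth2/v2.0
oidc_client_id = aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
oidc_role_arn = arn:aws:iam::123456789012:role/OidcDevRole
"""

def load_profile(config_text, profile):
    """Return the oidc_* settings of a profile, raising if any is missing.
    boto3 stores non-default profiles as [profile NAME], so look there."""
    parser = configparser.ConfigParser()
    parser.read_string(config_text)
    section = "default" if profile == "default" else f"profile {profile}"
    if not parser.has_section(section):
        raise KeyError(f"no section [{section}] in config")
    values = {k: parser[section].get(k) for k in REQUIRED}
    missing = [k for k, v in values.items() if not v]
    if missing:
        raise KeyError(f"profile {profile} lacks {', '.join(missing)}")
    return values

def trust_policy(authority_url, client_id, role_arn):
    """Trust policy for the web identity role: only tokens issued by this
    authority whose 'aud' claim equals our app's client id may assume it.
    The IAM condition key is the provider URL without the scheme plus ':aud'."""
    parsed = urlparse(authority_url)
    if parsed.scheme != "https":
        raise ValueError("OIDC authority URL must use https")
    provider = parsed.netloc + parsed.path.rstrip("/")
    account_id = role_arn.split(":")[4]  # arn:aws:iam::<account>:role/...
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{provider}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {f"{provider}:aud": client_id}},
        }],
    }
```

Paste the returned document into the role's trust relationship; a policy without the `aud` condition trusts every app in the tenant.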

## Install aws-oidc-login

Clone this repo and run `pip install aws-oidc-login` inside it.

## Run

The executable is called `aol`. Log in with the default profile by simply running `aol`, or specify a profile with `aol [profile]`.

See `aol -h` for more options.