Metadata-Version: 2.0
Name: awsprocesscreds
Version: 0.0.1
Summary: AWS Process Credential Providers.
Home-page: UNKNOWN
Author: Amazon Web Services
Author-email: UNKNOWN
License: Apache License 2.0
Description-Content-Type: UNKNOWN
Keywords: aws credentials
Platform: UNKNOWN
Classifier: Development Status :: 2 - Pre-Alpha
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: Natural Language :: English
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.3
Classifier: Programming Language :: Python :: 3.4
Classifier: Programming Language :: Python :: 3.5
Classifier: Programming Language :: Python :: 3.6
Requires-Dist: botocore (<2.0.0,>=1.8.1)
Requires-Dist: six (<2.0.0,>=1.8.0)
Requires-Dist: requests (<3.0.0,>=2.7.0)

================================
AWS Process Credential Providers
================================

A collection of process-based credential providers to be used with the AWS CLI
and related tools.


SAML Forms-Based Authentication
-------------------------------

If you have a SAML identity provider, you can use `awsprocesscreds-saml` to
configure programmatic access to your AWS resources. It has four required
arguments:

* ``-e / --endpoint`` - Your SAML idp endpoint.
* ``-u / --username`` - Your SAML username.
* ``-p / --provider`` - The name of your SAML provider. Currently okta and
  adfs are supported.
* ``-a / --role-arn``- The role arn you wish to assume. Your SAML provider
  must be configured to give you access to this arn.


This will cache your credentials by default, which will allow you to run
multiple commands without having to enter your password each time. You can
disable the cache by specifying ``--no-cache``.

Additionally, you can show logs by specifying ``-v`` or ``--verbose``.

To configure this provider, you need create a profile using the
``credential_process`` config variable. See the `AWS CLI Config docs`_
for more details on this config option.


Example okta configuration::

    [profile okta]
    region = us-west-2
    credential_process = awsprocesscreds-saml -e https://example.okta.com/home/amazon_aws/blob/123 -u 'monty@example.com' -p okta -a arn:aws:iam::123456789012:role/okta-dev

Example adfs configuration::

    [profile adfs]
    region = us-west-2
    credential_process = awsprocesscreds-saml -e 'https://corp.example.com/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=urn:amazon:webservices' -u Monty -p adfs -a arn:aws:iam::123456789012:role/ADFS-Dev

.. _AWS CLI Config docs: http://docs.aws.amazon.com/cli/latest/topic/config-vars.html#cli-aws-help-config-vars


