Awesome
zsh-saml2aws
oh-my-zsh plugin for saml2aws
Requirements
Installation
oh-my-zsh
This plugin is intended to be used with oh-my-zsh
$ cd ~/.oh-my-zsh/custom/plugins(you may have to create the folder)$ git clone git@github.com:onyxraven/zsh-saml2aws.git- In your .zshrc, add
zsh-saml2awsto your oh-my-zsh plugins:
plugins=(
git
ruby
zsh-saml2aws
)
zgen
- add
zgen load onyxraven/zsh-saml2awsto your '!saved/save' block zgen update
zinit
Use it like other oh-my-zsh plugins.
zinit snippet https://github.com/onyxraven/zsh-saml2aws/blob/main/zsh-saml2aws.plugin.zsh
Aliases
In any case <exec-profile> is available in a shortcut alias below, it is positional, but optional. If you do not specify a profile, it will use the 'base' role you have assumed. For these commands, any extra parameters are passed to saml2aws, so use -- to separate your flags from a command. Each of the commands with a profile also have autocompletion from your loaded ~/.aws/config file enabled.
| Alias | parameters | description |
|---|---|---|
| sa | saml2aws command shortcut alias | |
| sal | login to IDP (skips prompts by default, and uses the session duration var) | |
| sae | <exec-profile> <command> | execute a command as the profile, with the session duration var |
| sash | <exec-profile> | open a shell as the profile, with the session duration var |
| sas | <exec-profile> | print shell export script for profile, with the session duration var |
| sase | <exec-profile> | print env file format for profile, with the session duration var |
| salr | list roles available to login as | |
| sac | <exec-profile> | Open a browser to the logged in AWS console |
| said | output of aws sts get-caller-identity for assumed role ($profile optional) |
saml2aws configuration
| ENV var | example | information |
|---|---|---|
| SAML2AWS_LOGIN_SESSION_DURATION | 43200 | Length of time (seconds) the "root" federation session is available. This can be up to 12 hours (in seconds). |
| SAML2AWS_SESSION_DURATION | 3600 | Length of time (seconds) the role assume session is available. This can be up to 1 hour (in seconds). |
Examples
Assume the staging profile and run an aws command
sae staging -- aws sts get-caller-identity
Assume the login role and start a shell (same as you are using) with that context
sash
Thanks
- Inspired by zsh-aws-vault