-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Federated Signin URL Generator #6365
Conversation
Codecov Report
@@ Coverage Diff @@
## develop #6365 +/- ##
========================================
Coverage 92.85% 92.85%
========================================
Files 204 207 +3
Lines 16298 16368 +70
========================================
+ Hits 15133 15199 +66
- Misses 1165 1169 +4
Continue to review full report at Codecov.
|
e837d7c
to
e6596f1
Compare
This would be really useful. I wrote a tool to do this but honestly it should just be part of the AWS CLI and someone already did the hard work for a PR. Why not merge this? |
eeaf718
to
16a2eec
Compare
I've rebased this PR and made some adjustments to account for codebase/convention changes since the original PR was submitted. |
Adds a signin "service" in similar fashion to the CLI's configure "service": * Using the AWS federation endpoint this command takes temporary credentials and returns a sign-in URL allowing a user to log in to the AWS Management Console using those temporary credentials. * Follows the published example code for 'Enabling custom identity broker access to the AWS console' in the AWS IAM User Guide. * The name `signin`, while generic and potentially confusing to new users, follows as close as possible to the global service naming convention similar to `iam.amazonaws.com` (`signin.aws.amazon.com`). * Resolves aws#4642 (feature request)
16a2eec
to
587fed5
Compare
I submitted this as an AWS customer, but now I'm internal to AWS as a Solutions Architect, you can find me internally ckabalan@. |
@ckabalan Great work on the PR. Any idea if you will get it merged soon? |
Any updates here? It would be fantastic to have this as a native part of the CLI. |
Hi: was this ultimately abandoned? It would be super useful! |
Hi all, thanks for your patience here. I brought this PR up for discussion with the team, and the consensus was that these changes are not under consideration at this time. This feature request would require a broad internal security review and this is not something that the team has bandwidth to prioritize right now. But we can continue tracking the corresponding feature request (#4642) going forward. |
Adds a signin "service" in similar fashion to the CLI's configure "service":
Using the AWS federation endpoint this command takes temporary
credentials and returns a sign-in URL allowing a user to log in to the
AWS Management Console using those temporary credentials.
Follows the published example code for 'Enabling custom identity
broker access to the AWS console' in the AWS IAM User Guide.
The name
signin
, while generic and potentially confusing to newusers, follows as close as possible to the global service naming convention
similar to
iam.amazonaws.com
(signin.aws.amazon.com
).Resolves Login into AWS console from cli #4642 (feature request)
Description of changes:
pep8
standards (viaflake8
) except one reference to a long documentation URL in a commentI contributed some updated examples/documentation to the aws-cli previously, but not new functionality. I'll monitor this PR for any questions or adjustments that need to be made.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.