Exploring the aws-google-auth Command-line Tool (with examples)


Introduction

The aws-google-auth command-line tool allows users to acquire temporary AWS credentials, known as Security Token Service (STS) credentials, using Google Apps as a federated Single Sign-On (SSO) provider. This article will provide code examples for 8 different use cases of the aws-google-auth command, along with their motivations, explanations for each argument, and example outputs.

Use Case 1: Log in with Google SSO and set credentials duration

Code:

aws-google-auth -u example@example.com -I $GOOGLE_IDP_ID -S $GOOGLE_SP_ID -d 3600

Motivation:

This use case is helpful when you want to log in to AWS using Google SSO and specify the duration for which the generated AWS temporary credentials are valid. Setting the duration to one hour (3600 seconds) provides a balance between security and convenience.

Explanation:

  • -u example@example.com: Specifies the email address associated with the Google account used for authentication.
  • -I $GOOGLE_IDP_ID: Sets the Identity Provider (IDP) identifier, which represents Google Apps as the SSO provider.
  • -S $GOOGLE_SP_ID: Sets the Service Provider (SP) identifier, which represents your AWS account as the entity requesting authentication.
  • -d 3600: Specifies the duration in seconds for which the AWS temporary credentials will be valid.

Example Output:

Successful authentication and receipt of STS credentials for the specified duration.

Use Case 2: Prompting for the SAML role to use

Code:

aws-google-auth -u example@example.com -I $GOOGLE_IDP_ID -S $GOOGLE_SP_ID -d 3600 -a

Motivation:

When there are multiple SAML roles available for the user, prompting for the role selection ensures the user can choose the appropriate role based on their needs and permissions.

Explanation:

  • -a: Enables the prompt that asks the user to choose from the available SAML roles.

Example Output:

The tool lists the available SAML roles for the user to select from, and upon selection, the user is authenticated and STS credentials are generated for the specified duration.
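The following is an added example, not code from aws-google-auth or from this article's author. It shows the shape of the SAML Role attribute that a role prompt like the one in Use Case 2 has to choose from, and the STS duration bounds that apply to the -d value from Use Case 1. The assertion, account IDs, role names and function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET  # for untrusted XML, prefer a hardened parser such as defusedxml

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
# AssumeRoleWithSAML DurationSeconds bounds; a role's own maximum may be lower.
STS_MIN, STS_MAX = 900, 43200

# Constructed sample assertion (not captured from a real IdP); account IDs are placeholders.
SAMPLE_XML = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
   <saml:AttributeValue>arn:aws:iam::111111111111:role/ReadOnly,arn:aws:iam::111111111111:saml-provider/Google</saml:AttributeValue>
   <saml:AttributeValue>arn:aws:iam::222222222222:saml-provider/Google,arn:aws:iam::222222222222:role/Admin</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def list_roles(saml_b64):
    """Return sorted (account_id, role_arn, principal_arn) tuples from a base64 SAML assertion."""
    root = ET.fromstring(base64.b64decode(saml_b64))
    roles = []
    for attr in root.iter("{%s}Attribute" % NS["saml"]):
        if attr.get("Name") != ROLE_ATTR:
            continue
        for value in attr.findall("saml:AttributeValue", NS):
            parts = [p.strip() for p in (value.text or "").split(",")]
            # AWS accepts the pair in either order, so classify by ARN resource type.
            role = next((p for p in parts if ":role/" in p), None)
            principal = next((p for p in parts if ":saml-provider/" in p), None)
            if len(parts) != 2 or not role or not principal:
                raise ValueError("malformed Role value: %r" % value.text)
            roles.append((role.split(":")[4], role, principal))
    return sorted(roles)


def check_duration(seconds):
    """Reject a requested duration that STS would refuse outright."""
    if not STS_MIN <= seconds <= STS_MAX:
        raise ValueError("duration must be %d-%d seconds" % (STS_MIN, STS_MAX))
    return seconds


if __name__ == "__main__":
    for i, (account, role, _) in enumerate(list_roles(SAMPLE_B64), 1):
        print("[%d] %s  %s" % (i, account, role))
    print("duration:", check_duration(3600))
```

Reviewing the listed roles before authenticating makes it easier to pick the least-privileged role that fits the task instead of defaulting to the broadest one.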

Use Case 3: Resolving aliases for AWS accounts

Code:

aws-google-auth -u example@example.com -I $GOOGLE_IDP_ID -S $GOOGLE_SP_ID -d 3600 -a --resolve-aliases

Motivation:

Resolving AWS account aliases can be useful when the AWS accounts use aliases instead of their actual account IDs. By enabling the --resolve-aliases flag, the tool will automatically map the account aliases to their respective AWS account IDs during the authentication process.

Explanation:

  • --resolve-aliases: Instructs the tool to resolve AWS account aliases to their corresponding AWS account IDs.

Example Output:

The tool resolves the AWS account aliases and displays the associated account IDs. After successful authentication, STS credentials are generated for the specified duration.

Use Case 4: Viewing help information

Code:

aws-google-auth -h

Motivation:

When using a new tool or unfamiliar command, it is essential to access the help information to understand the available options, arguments, and their functionalities.

Explanation:

  • -h: Displays the help information for the aws-google-auth command.

Example Output:

The tool provides a detailed overview of the available options, arguments, and their usages.
