aws-sso-google
AWS STS credentials via Google Workspace
- Seamless integration with the awscli for secure, continuous and non-interactive STS session renewals.
- Support for all 2FA methods as provided by Google
go install github.com/walkersumida/aws-sso-google@latest

brew install walkersumida/tap/aws-sso-google

Add the following settings to ~/.aws/config.
ref: Source credentials with an external process
[profile example]
credential_process = aws-sso-google -c -u user@example.com -p example -i XXXXXXXXX -s 888888888888 --aws-region ap-northeast-1 --aws-role-arn arn:aws:iam::999999999999:role/RoleName

Then run the aws command as usual.

$ aws s3 ls

If the authentication has expired, the browser will start and the Google authentication screen will appear. If the authentication is successful, the result of the aws command will be displayed.
$ aws-sso-google -h
Acquire AWS STS credentials via Google Workspace SAML in a browser

Usage:
  aws-sso-google [flags]

Flags:
  -p, --aws-profile string           AWS profile
  -e, --aws-region string            AWS region
  -r, --aws-role-arn string          AWS role arn
  -d, --aws-session-duration int32   AWS session duration in seconds (default 3600)
  -c, --clean                        Clean browser session
  -h, --help                         help for aws-sso-google
  -i, --idp-id string                Google SSO IdP identifier
  -s, --sp-id string                 Google SSO SP identifier
  -u, --username string              Google Email address
  -v, --version                      version for aws-sso-google