Multiple Okta profiles are supported, but if none are specified, then default will be used.Subsequent executions will first check if the STS credentials are still valid and skip Okta authentication if so.Follow the prompts to enter MFA information (if required) and choose your AWS app and IAM role.YubiKey (Requires library python-u2flib-host) HomePage.Google Authenticator Play Store | App Store.Per-application MFA support (added in version 0.4.0). Overridden by `-profile` command line flagĪpp-link = # Found in Okta's configuration for your AWS account.ĭuration = 3600 # duration in seconds to request a session token for, make sure your accounts (both AWS itself and the associated okta application) allow for large durations. Profile = # Sets your temporary credentials to a profile in `.aws/credentials`. Role = # AWS role name (match one of the options prompted for by "Please select the AWS role" when this parameter is not specified Password = # Only save your password if you know what you are doing!įactor = # Current choices are: GOOGLE or OKTA # You may be prompted for them, if they're not included here. Configure okta-awscli via the ~/.okta-aws file with the following parameters:.Execute okta-awscli -config and follow the steps to configure your Okta profile OR.To install with U2F support (Yubikey): pip3 install "okta-awscli".Since Python 2 is end-of-life (as of 2020-JAN-01), feature requests and PRs to add Python 2 support will likely not be accepted, outside of extreme circumstances. Running it with Python 2 may work, but it is not supported. and this tool has no affiliation with or sponsorship by Okta, Inc. Okta is a registered trademark of Okta, Inc. However, since we only need to look for the SAML assertion in a single, predictable tag,
0 Comments
Leave a Reply. |