Skip to content

saml-to/cli

Folders and files

NameName
Last commit message
Last commit date

Latest commit

author
GitHub Action
Jul 7, 2024
1b20c0c · Jul 7, 2024
Jul 7, 2024
Jul 7, 2024
Jan 14, 2022
Dec 8, 2021
Jul 7, 2024
Jul 7, 2024
Jul 7, 2024
Jul 7, 2024
Jul 7, 2024
Jul 7, 2024
Jul 7, 2024
Dec 6, 2021
Nov 3, 2023
Dec 8, 2021
Jul 7, 2024
Jan 3, 2022
Jul 7, 2024
Dec 7, 2021
Jul 7, 2024
May 4, 2022
Jan 17, 2022
Feb 28, 2023
Jul 7, 2024

Repository files navigation

SAML.to Command Line Interface

GitHub release (latest by date) GitHub issues GitHub Workflow Status

Introduction

This is the CLI for SAML.to. It allows for command-line AWS role assumption.

saml-to [command]

Commands:
  saml-to list-roles        Show roles that are available to assume
  saml-to login [provider]  Login to a provider
  saml-to assume [role]     Assume a role

Options:
  --help     Show help  [boolean]
  --version  Show version number  [boolean]

Installation

Please make sure the following is installed:

  • NodeJS v16+
  • npm or yarn or npx avaliable on the $PATH
  • (MacOS Alternative) Homebrew available on the $PATH

Using npm or yarn or npx

npm:

npm install -g saml-to
saml-to assume

yarn:

yarn global add saml-to
saml-to assume

npx:

npx saml-to assume

Using Homebrew (MacOS)

brew tap saml-to/tap
brew install saml-to
saml-to assume

Getting Started

Once the CLI is installed, run the following commands to login and assume roles:

# Saves a GitHub token with a user:email scope to ~/.saml-to/github-token.json
saml-to login github
# List available roles to assume
saml-to list-roles

If no logins or roles are available, an administrator for an AWS account should complete the initial setup.

Add the --help flag to any command for available options.

Assuming Roles

Interactive prompt for roles to assume:

saml-to assume

Or, if the full role name is known:

saml-to assume arn:aws:iam::123456789012:role/some-role

Alternatively, use the shorthand:

# Any distinct part of the role names in from saml-to list-roles will match
saml-to assume some-role # match by the role name
saml-to assume 123456789012 # match by the account ID

Check out the documentation for assume.

Setting Environment Variables

The --headless flag will output an expression to update your shell environment with a role.

bash, zsh, etc...

Use a subshell ($(...)) to set AWS_* related environment variables:

$(saml-to assume some-role --headless)
aws s3api list-buckets # or any desired `aws` command

Powershell

Use Invoke-Expression (iex) to set AWS_* related environment variables:

iex (saml-to assume some-role --headless)
aws s3api list-buckets # or any desired `aws` command

Initial Setup

Visit SAML.to Install to get started by connecting a GitHub User or Organization to an AWS Account.

Reporting Issues

Please Open a New Issue in GitHub if an issue is found with this tool.

Maintainers

Usage Metrics Opt-Out

If you do not want to be included in Anonymous Usage Metrics, ensure an environment variable named SAML_TO_DNT is set:

SAML_TO_DNT=1 npx saml-to

License

Apache-2.0 License