# AWS SSO Credential Helper
AWSの認証を、AWS SSO (IAM Identity Center)を使って組織のユーザーディレクトリと連携されているケースは多いのではないでしょうか。
また、SSOでの認証後、各プロダクト・プロジェクト毎の専用ロールへスイッチロールが必要な場合も多いかと思います。
AWS SSO Credential Helperは、AWS SSOを通した認証と、その後のスイッチロールでの一時認証情報の取得を助けます。
実行時には、必要に応じてブラウザにて認証確認を求められますので、許可して下さい。
AWS SSOの認証tokenはファイルにキャッシュし、有効期間内であれば再利用します。
また、キャッシュはホームディレクトリにファイルとして保存し、Credential Helperを使った複数のプログラムで共有して利用することができます。
## Pypi
https://pypi.org/project/aws-sso-credential-helper/
## Usage
### 1. Create Instance
```python
from aws_sso_credential_helper import CredentialHelper
credential_helper = CredentialHelper(
start_url="d-xxxxxxxxxx.awsapps.com/start",
region_name="ap-northeast-1"
)
```
- start_url : AWSアクセスポータルのURL
- region_name : 対象とするIAM Identity Centerのリージョン
### 2. Get Credentials
```python
credentials = credential_helper.get_swrole_credentials(
sso_account_id="123456789",
sso_role_name="ssoRoleName",
sw_role_arn="arn:aws:iam::123456789012:role/sw-role-name"
)
```
- sso_account_id : アクセスポータルのあるAWSアカウントID
- sso_role_name : SSOでログインするロール
- sw_role_arn : SSOでログイン後、スイッチロールする先のロールのARN
### 3. Create boto3 client with credentials
```python
lambda_client = boto3.client(
"lambda",
region_name="ap-northeast-1",
aws_access_key_id=credentials["AccessKeyId"],
aws_secret_access_key=credentials["SecretAccessKey"],
aws_session_token=credentials["SessionToken"],
)
```
### Credentials
```python
{
'AccessKeyId': 'XXXXXXXXXXXXX',
'SecretAccessKey': 'YYYYYYYYY',
'SessionToken': 'ZZZZZZZZZZ',
'Expiration': 有効期限,
}
```
## How to install
install from pypi
```python
pip install aws-sso-credential-helper
```
Raw data
{
"_id": null,
"home_page": "https://github.com/nbtd/aws-sso-credential-helper",
"name": "aws-sso-credential-helper",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.6",
"maintainer_email": null,
"keywords": "aws sso credential helper",
"author": "nbtd",
"author_email": "baconss11@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/87/4d/d444c4be66b0d0886b16f5ebb8a6b1b589d3afb5c7b5993f16710ee91342/aws_sso_credential_helper-1.0.0.tar.gz",
"platform": null,
"description": "# AWS SSO Credential Helper\n\nAWS\u306e\u8a8d\u8a3c\u3092\u3001AWS SSO (IAM Identity Center)\u3092\u4f7f\u3063\u3066\u7d44\u7e54\u306e\u30e6\u30fc\u30b6\u30fc\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3068\u9023\u643a\u3055\u308c\u3066\u3044\u308b\u30b1\u30fc\u30b9\u306f\u591a\u3044\u306e\u3067\u306f\u306a\u3044\u3067\u3057\u3087\u3046\u304b\u3002 \n\u307e\u305f\u3001SSO\u3067\u306e\u8a8d\u8a3c\u5f8c\u3001\u5404\u30d7\u30ed\u30c0\u30af\u30c8\u30fb\u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u6bce\u306e\u5c02\u7528\u30ed\u30fc\u30eb\u3078\u30b9\u30a4\u30c3\u30c1\u30ed\u30fc\u30eb\u304c\u5fc5\u8981\u306a\u5834\u5408\u3082\u591a\u3044\u304b\u3068\u601d\u3044\u307e\u3059\u3002\n\nAWS SSO Credential Helper\u306f\u3001AWS SSO\u3092\u901a\u3057\u305f\u8a8d\u8a3c\u3068\u3001\u305d\u306e\u5f8c\u306e\u30b9\u30a4\u30c3\u30c1\u30ed\u30fc\u30eb\u3067\u306e\u4e00\u6642\u8a8d\u8a3c\u60c5\u5831\u306e\u53d6\u5f97\u3092\u52a9\u3051\u307e\u3059\u3002 \n\n\u5b9f\u884c\u6642\u306b\u306f\u3001\u5fc5\u8981\u306b\u5fdc\u3058\u3066\u30d6\u30e9\u30a6\u30b6\u306b\u3066\u8a8d\u8a3c\u78ba\u8a8d\u3092\u6c42\u3081\u3089\u308c\u307e\u3059\u306e\u3067\u3001\u8a31\u53ef\u3057\u3066\u4e0b\u3055\u3044\u3002 \nAWS SSO\u306e\u8a8d\u8a3ctoken\u306f\u30d5\u30a1\u30a4\u30eb\u306b\u30ad\u30e3\u30c3\u30b7\u30e5\u3057\u3001\u6709\u52b9\u671f\u9593\u5185\u3067\u3042\u308c\u3070\u518d\u5229\u7528\u3057\u307e\u3059\u3002 \n\u307e\u305f\u3001\u30ad\u30e3\u30c3\u30b7\u30e5\u306f\u30db\u30fc\u30e0\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306b\u30d5\u30a1\u30a4\u30eb\u3068\u3057\u3066\u4fdd\u5b58\u3057\u3001Credential Helper\u3092\u4f7f\u3063\u305f\u8907\u6570\u306e\u30d7\u30ed\u30b0\u30e9\u30e0\u3067\u5171\u6709\u3057\u3066\u5229\u7528\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\n\n## Pypi\nhttps://pypi.org/project/aws-sso-credential-helper/\n\n## Usage\n\n### 1. Create Instance\n```python\nfrom aws_sso_credential_helper import CredentialHelper\n\ncredential_helper = CredentialHelper(\n start_url=\"d-xxxxxxxxxx.awsapps.com/start\",\n region_name=\"ap-northeast-1\"\n )\n```\n - start_url : AWS\u30a2\u30af\u30bb\u30b9\u30dd\u30fc\u30bf\u30eb\u306eURL\n - region_name : \u5bfe\u8c61\u3068\u3059\u308bIAM Identity Center\u306e\u30ea\u30fc\u30b8\u30e7\u30f3\n\n### 2. Get Credentials\n```python\ncredentials = credential_helper.get_swrole_credentials(\n sso_account_id=\"123456789\",\n sso_role_name=\"ssoRoleName\",\n sw_role_arn=\"arn:aws:iam::123456789012:role/sw-role-name\"\n )\n```\n - sso_account_id : \u30a2\u30af\u30bb\u30b9\u30dd\u30fc\u30bf\u30eb\u306e\u3042\u308bAWS\u30a2\u30ab\u30a6\u30f3\u30c8ID\n - sso_role_name : SSO\u3067\u30ed\u30b0\u30a4\u30f3\u3059\u308b\u30ed\u30fc\u30eb\n - sw_role_arn : SSO\u3067\u30ed\u30b0\u30a4\u30f3\u5f8c\u3001\u30b9\u30a4\u30c3\u30c1\u30ed\u30fc\u30eb\u3059\u308b\u5148\u306e\u30ed\u30fc\u30eb\u306eARN\n\n### 3. Create boto3 client with credentials\n```python\nlambda_client = boto3.client(\n \"lambda\",\n region_name=\"ap-northeast-1\",\n aws_access_key_id=credentials[\"AccessKeyId\"],\n aws_secret_access_key=credentials[\"SecretAccessKey\"],\n aws_session_token=credentials[\"SessionToken\"],\n )\n```\n### Credentials\n```python\n{\n 'AccessKeyId': 'XXXXXXXXXXXXX',\n 'SecretAccessKey': 'YYYYYYYYY',\n 'SessionToken': 'ZZZZZZZZZZ',\n 'Expiration': \u6709\u52b9\u671f\u9650,\n}\n```\n\n## How to install\n\ninstall from pypi\n```python\npip install aws-sso-credential-helper\n```\n\n",
"bugtrack_url": null,
"license": "MIT",
"summary": null,
"version": "1.0.0",
"project_urls": {
"Homepage": "https://github.com/nbtd/aws-sso-credential-helper"
},
"split_keywords": [
"aws",
"sso",
"credential",
"helper"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "a773c707c8ace9304e264a0106d4a2e30f72e92a9b3bca741f768c6d7a36f2af",
"md5": "dc1a3405f8e84b00e0688d3430e72a42",
"sha256": "9b69de904722cd0a658f3fba6f28f01acebfd7f3d333a3f750d0ac83c5e95344"
},
"downloads": -1,
"filename": "aws_sso_credential_helper-1.0.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "dc1a3405f8e84b00e0688d3430e72a42",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.6",
"size": 5457,
"upload_time": "2024-12-04T04:31:20",
"upload_time_iso_8601": "2024-12-04T04:31:20.015611Z",
"url": "https://files.pythonhosted.org/packages/a7/73/c707c8ace9304e264a0106d4a2e30f72e92a9b3bca741f768c6d7a36f2af/aws_sso_credential_helper-1.0.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "874dd444c4be66b0d0886b16f5ebb8a6b1b589d3afb5c7b5993f16710ee91342",
"md5": "6f134e1dde17f816f22c92e7c18d1a51",
"sha256": "a2f690db3d04bb16c7f50273cb57534f820b148dfb2d070393207058d5fa9725"
},
"downloads": -1,
"filename": "aws_sso_credential_helper-1.0.0.tar.gz",
"has_sig": false,
"md5_digest": "6f134e1dde17f816f22c92e7c18d1a51",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.6",
"size": 4773,
"upload_time": "2024-12-04T04:31:21",
"upload_time_iso_8601": "2024-12-04T04:31:21.270865Z",
"url": "https://files.pythonhosted.org/packages/87/4d/d444c4be66b0d0886b16f5ebb8a6b1b589d3afb5c7b5993f16710ee91342/aws_sso_credential_helper-1.0.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-12-04 04:31:21",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "nbtd",
"github_project": "aws-sso-credential-helper",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [
{
"name": "boto3",
"specs": []
}
],
"lcname": "aws-sso-credential-helper"
}
JSON
