When is this useful?
- You would like to use the AWS CLI interactively with the regular name.n credentials you use to sign in to the AWS console.
- You would like the security benefit of a standard IDM credential rather than creating an AWS IAM credential.
What software is required?
In addition to the normal AWS CLI setup, you need to add the saml2aws client tool.
What are the installation and configuration steps?
Follow the core installation steps outlined at GitHub Core Installation Files.
When you configure the tool, use the following values:
- AWS profile = <specify your profile name>
- url = https://webauth.service.ohio-state.edu/idp/profile/SAML2/SOAP/ECP
- provider = ShibbolethECP
- mfa = push
- skip_verify = false
- timeout = 0
- aws_urn = urn:amazon:webservices
- aws_session_duration = 3600
- saml_cache = false
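To confirm that a configured account matches the values listed above, the following added example (not part of the original page or of the saml2aws project) parses the INI-style saml2aws configuration text and reports every deviation. It assumes the settings live under a section named after the IdP account (here "default"); audit_saml2aws, EXPECTED and SAMPLE are names made up for this example.

```python
import configparser

# Values this page documents for the saml2aws account settings.
EXPECTED = {
    "url": "https://webauth.service.ohio-state.edu/idp/profile/SAML2/SOAP/ECP",
    "provider": "ShibbolethECP",
    "mfa": "push",
    "skip_verify": "false",
    "timeout": "0",
    "aws_urn": "urn:amazon:webservices",
    "aws_session_duration": "3600",
    "saml_cache": "false",
}

def audit_saml2aws(text, account="default"):
    """Compare one account section of a saml2aws config against EXPECTED.

    Returns a list of findings; an empty list means every value matches.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if not cp.has_section(account):  # assumption: one INI section per account
        return [f"[{account}]: section not found"]
    findings = []
    for key, want in EXPECTED.items():
        got = cp.get(account, key, fallback=None)
        if got is None:
            findings.append(f"[{account}] {key}: not set (expected {want})")
        elif got.strip() != want:
            note = " (TLS certificate verification is off)" if key == "skip_verify" else ""
            findings.append(f"[{account}] {key}: {got} != {want}{note}")
    return findings

# Constructed sample config: skip_verify is wrong and saml_cache is missing.
SAMPLE = """\
[default]
url = https://webauth.service.ohio-state.edu/idp/profile/SAML2/SOAP/ECP
provider = ShibbolethECP
mfa = push
skip_verify = true
timeout = 0
aws_urn = urn:amazon:webservices
aws_session_duration = 3600
"""

if __name__ == "__main__":
    for finding in audit_saml2aws(SAMPLE):
        print(finding)
```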
Summary of the usage process: type "saml2aws login" and you will be prompted for your ID and password. You will then receive a Duo push. Next, select the role/account you want to assume. After that, you can start using regular AWS CLI commands.
You can start the login process and specify a profile.
The following command saves it as your default AWS entry: saml2aws login --profile default.