Skip to content
This repository has been archived by the owner on Apr 7, 2022. It is now read-only.

RedVentures/oktad

Repository files navigation

This application is deprecated as of whenever this gets committed!

It'll still continue to work, but I'm not planning on maintaining it!

Please consider using segmentio/aws-okta instead! It does everything oktad ever officially did and more, like allowing you to adjust your AssumeRole session length per call!

oktad

okta-aws, but in go. This program authenticates with Okta and then assumes role twice in Amazon.

Installation

Grab a binary for your OS from the latest release, and put it somewhere in your PATH. Only supports Linux and OSX for now!

If you're on OSX like me, this might be all you need...

curl -L -o /usr/local/bin/oktad https://github.com/RedVentures/oktad/releases/download/`curl -v 'https://github.com/RedVentures/oktad/releases/latest' 2>&1 | grep Location | grep -E -o 'v[0-9]+\.[0-9]+\.[0-9]+'`/oktad-darwin-amd64 && chmod +x /usr/local/bin/oktad

Setup

First, create an ~/.okta-aws/config file with your Ookta base URL and app URL, like below:

[okta]
baseUrl=https://mycompany.okta.com/
appUrl=https://mycompany.okta.com/app/YOUR_APP/OKTA_MAGIC/sso/saml

Third, set up an AWS CLI config file. You need to create ~/.aws/config and fill it with a profile containing the ARN for a role you ultimately want to get temporary credentials for. This file might look like the following:

[default]
output = json
region = us-east-1

[profile my_subaccount]
role_arn = arn:aws:iam::MY_ACCOUNT_ID:role/wizards

With those things set up, you should be able to run oktad my_subaccount -- [command] to run whatever [command] is with a set of temporary credentials from Amazon.

Usage

$ oktad [AWS profile] -- [command]

for example

$ oktad production -- aws ec2 describe-instances

Debugging

Login didn't work? Launch this program with DEBUG=oktad* in your environment for more debugging info:

$ DEBUG=oktad* oktad production -- aws ec2 describe-instances

Contributors