It'll still continue to work, but I'm not planning on maintaining it!
Please consider using segmentio/aws-okta instead! It does everything oktad
ever officially did and more, like allowing you to adjust your AssumeRole
session length per call!
okta-aws, but in go. This program authenticates with Okta and then assumes role twice in Amazon.
Grab a binary for your OS from the latest release, and put it somewhere in your PATH. Only supports Linux and OSX for now!
If you're on OSX like me, this might be all you need...
curl -L -o /usr/local/bin/oktad https://github.com/RedVentures/oktad/releases/download/`curl -v 'https://github.com/RedVentures/oktad/releases/latest' 2>&1 | grep Location | grep -E -o 'v[0-9]+\.[0-9]+\.[0-9]+'`/oktad-darwin-amd64 && chmod +x /usr/local/bin/oktad
First, create an ~/.okta-aws/config
file with your Ookta base URL and app URL, like below:
[okta]
baseUrl=https://mycompany.okta.com/
appUrl=https://mycompany.okta.com/app/YOUR_APP/OKTA_MAGIC/sso/saml
Third, set up an AWS CLI config file. You need to create ~/.aws/config
and fill it with a profile containing the ARN for a role you ultimately want to get temporary credentials for. This file might look like the following:
[default]
output = json
region = us-east-1
[profile my_subaccount]
role_arn = arn:aws:iam::MY_ACCOUNT_ID:role/wizards
With those things set up, you should be able to run oktad my_subaccount -- [command]
to run whatever [command]
is with a set of temporary credentials from Amazon.
$ oktad [AWS profile] -- [command]
for example
$ oktad production -- aws ec2 describe-instances
Login didn't work? Launch this program with DEBUG=oktad*
in your environment for more debugging info:
$ DEBUG=oktad* oktad production -- aws ec2 describe-instances
- Dimitrios Arethas [darethas@redventures.com]
- Thomas Hopkins [thopkins@redventures.com]
- Todd Lunter [@tlunter]
- Gildas Le Nadan [@endemics]
- Lee Standen [@lstanden]