Skip to content

devops-infra/docker-okta-aws-sso

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

61 Commits
.github
.github
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

Repository files navigation

Docker image for AWS Single Sign-On with Okta.

Dockerized (devopsinfra/docker-okta-aws-sso) Single Sign-On solution for Amazon Web Services via Okta.

Okta is one of the leaders of SSO solutions, but lacks native CLI tools.

The best, in my humble opinion, tool that fixes that problem is gimme-aws-creds made by Nike Inc.. More of their interesting work can be found on Nike-Inc.

Currently, supporting v2.3.4 of gimme-aws-creds.

For details information about gimme-aws-creds's configuration please refer to README.md.
Docker's entrypoint is the binary of gimme-aws-creds and can accept any parameters, even when running as an alias, or a function (check usage below).
It supports Multi Factor Authentication. Not only with authenticator app but even with Yubikey (without PIN).

This Docker image just packs the tool to quickly reuse it without the need of installing with Python.
It should have access only to following configuration files:

Badge swag

GitHub GitHub code size in bytes GitHub last commit Push to master Push to other
DockerHub Image size Docker Pulls

Prerequisites

  • Operating system: MacOS, Linux or Windows Subsystem for Linux.
  • Software: Docker
  • AWS: IAM roles prepared for users to assume. IAM user for Okta properly configured.
  • Okta: Okta connected via SAML with AWS. Users having assigned AWS application and chosen proper roles.

Configuration

For ease of reuse create alias or a function in your shell. For example in ~/.profile enter following:

function okta-aws() {
    docker run --rm \
        --user $(id -u):$(id -g) \
        --volume $(pwd)/.okta_aws_login_config:/.okta_aws_login_config \
        --volume $(pwd)/.aws/credentials:/.aws/credentials \
        -it devopsinfra/docker-okta-aws-sso:latest "$@";
}

Run the interactive installer by executing: okta-aws --action-configure.

For more information run okta-aws --help.

Simplest configuration file:

[DEFAULT]
okta_username = user.name@domain.com
aws_rolename =
cred_profile = default
aws_default_duration = 3600
okta_org_url = https://dev-123456.okta.com
app_url = https://dev-123456.okta.com/home/amazon_aws/1fD3c8s3mfhMHxF1o9id/272
preferred_mfa_type = token:software:totp
device_token =
gimme_creds_server = appurl
write_aws_creds = True
resolve_aws_alias = True
remember_device = True
output_format = json

Parameters, like password, can be also passed via environment variables for reuse. But keep in mind security concerns.

Running

Depending on the configuration (above) new AWS credentials can be obtained by running:

  • for a default action: okta-aws
  • for a selected profile okta-aws --profile Administrator

About

Docker image for AWS Single Sign-On with Okta.

shyper.pro/

Topics

devops automation docker-image devops-tools okta single-sign-on aws-sso christophshyper gimme-aws-creds

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

2 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages