Wrapper that makes aws-okta cred-process communicate with the user via tmux panes.
- Place
aws-okta-tmuxsomewhere on your$PATH. - Replace
aws-oktawithaws-okta-tmuxin your~/.aws/config.
Example ~/.aws/config contents:
[default]
region = eu-west-1
[profile okta]
aws_saml_url = app/fulhackindustries/excorcismneeded/sso/saml
region = eu-west-1
# Unspecific profiles, using any of these with the aws cli might pop up a list
# of roles for you to choose from. Depending on your saml configuration.
[profile default]
source_profile = okta
credential_process = aws-okta-tmux cred-process okta
# Specific target roles - usable by `aws-okta` directly only.
# Actual AWS SDK roles defined later.
[profile fulhack_dev_admin]
role_arn = arn:aws:iam::6666666666:role/fulhack-dev-admin
[profile fulhack_prod_admin]
role_arn = arn:aws:iam::6666666666:role/fulhack-prod-admin
# Useable AWS CLI/SDK profiles (Usable from AWS SDK tools such as AWS CLI)
[profile dev]
credential_process = aws-okta-tmux cred-process fulhack_dev_admin
[profile prod]
credential_process = aws-okta-tmux cred-process fulhack_prod_admin
Now, there are only two profiles here which are usable by the AWS CLI - dev and prod.
The others are for aws-okta, such as: aws-okta login fulhack_dev_admin to take you to the AWS Console.
AWS_PROFILE=dev aws eks update-kubeconfig --name cluster_name --alias cluster_nameIf you do this, the configuration should end up with an AWS_PROFILE environment variable set in the Kubernetes configuration file and thus kubectl commands should be able to be run without any other tricks needed.