explaingit

moritzheiber/saml2aws

Analysis updated 2026-07-05 · repo last pushed 2020-02-17

Audience · ops devops | Complexity · 2/5 | Dormant | License | Setup · moderate

TLDR

A command-line tool that logs you into AWS using your company's existing single sign-on system, giving you temporary credentials that expire automatically instead of permanent access keys.

Mindmap

mindmap
  root((repo))
    What it does
      Logs into AWS via SSO
      Provides temporary credentials
      Saves named profiles
      Opens AWS web console
    Identity Providers
      Microsoft ADFS
      Okta
      PingFederate
      Google Apps and KeyCloak
    Use Cases
      Run AWS CLI commands
      Deploy code to AWS
      Manage multiple AWS accounts
      Run infrastructure scripts
    Audience
      Operations staff
      Developers
      Engineers with SSO
    Limitations
      Screen scraping approach
      One hour default sessions
      MFA supported

What do people build with it?

USE CASE 1

Log into AWS from the terminal using your company single sign-on and get temporary credentials saved to a named profile.

USE CASE 2

Configure separate profiles for dev and test AWS accounts so you avoid accidentally running commands against the wrong environment.

USE CASE 3

Open the AWS web console in your browser directly after authenticating through your identity provider.

USE CASE 4

Run a specific AWS command with temporary credentials applied without permanently storing access keys.

What is it built with?

Go, AWS CLI, SAML

How does it compare?

Repo | moritzheiber/saml2aws | 0xhassaan/nn-from-scratch | 0xzgbot/hermes-comfyui-skills
Stars | 0 | 0
Language | Python
Last pushed | 2020-02-17
Maintenance | Dormant
Setup difficulty | moderate | moderate | easy
Complexity | 2/5 | 4/5 | 1/5
Audience | ops devops | developer | designer

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Requires knowing your company's SAML identity provider details and the AWS accounts and roles available to you.

Use freely for any purpose, including commercial use, as long as you keep the copyright notice.

In plain English

saml2aws is a command-line tool that lets you log into Amazon Web Services using your company's existing identity system, such as Microsoft ADFS, Okta, PingFederate, Google Apps, or KeyCloak. Instead of dealing with long-lived access keys that can be a security risk, you get temporary credentials that expire automatically, usually within an hour. The practical benefit is straightforward: you can use the AWS command-line tools the same way you'd use any other terminal command, authenticated through the same login you already use for email and internal company systems.

The tool walks you through a login prompt, talks to your identity provider behind the scenes, and trades that login for a short-lived set of AWS credentials. It saves those credentials under a named profile so your other AWS tools pick them up automatically. You can configure multiple named accounts if you work across different AWS environments, say, a dev account and a test account, which helps prevent accidentally running commands against the wrong infrastructure. There are also helper commands to open the AWS web console directly after logging in, or to run a specific command with the temporary credentials applied.

The main audience is operations staff, developers, or anyone who needs command-line access to AWS but whose company enforces single sign-on through a SAML-based identity provider. A typical use case would be an engineer who needs to run infrastructure scripts or deploy code to AWS but doesn't want to manage permanent access keys. It's especially useful in organizations with multiple AWS accounts and roles, since you can configure separate profiles for each environment and even pre-select which role to assume on login.

One tradeoff worth noting: the project relies heavily on screen scraping for most providers, meaning it essentially simulates a browser login rather than using a clean official API. The developers acknowledge this isn't ideal and hope vendors make it easier over time. Session length defaults to an hour but can be extended up to twelve hours via a flag, and multi-factor authentication is supported across several providers.

Copy-paste prompts

Prompt 1
How do I install and configure saml2aws to log into AWS using my company Okta or ADFS single sign-on?
Prompt 2
Show me how to set up multiple named profiles in saml2aws for different AWS accounts like dev and test environments.
Prompt 3
How do I use saml2aws to get temporary AWS credentials and then run an AWS CLI command with them applied?
Prompt 4
How can I extend the saml2aws session length beyond the default one hour and enable multi-factor authentication?
Prompt 5
Help me configure saml2aws to pre-select a specific AWS role to assume when I have multiple roles available through my identity provider.

Frequently asked questions

What is saml2aws?

A command-line tool that logs you into AWS using your company's existing single sign-on system, giving you temporary credentials that expire automatically instead of permanent access keys.

Is saml2aws actively maintained?

Dormant — no commits in 2+ years (last push 2020-02-17).

What license does saml2aws use?

Use freely for any purpose, including commercial use, as long as you keep the copyright notice.

How hard is saml2aws to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is saml2aws for?

Mainly ops and devops.

Verify against the repo before relying on details.