Analysis updated 2026-07-05 · repo last pushed 2020-02-17
Log into AWS from the terminal using your company single sign-on and get temporary credentials saved to a named profile.
Configure separate profiles for dev and test AWS accounts so you avoid accidentally running commands against the wrong environment.
Open the AWS web console in your browser directly after authenticating through your identity provider.
Run a specific AWS command with temporary credentials applied without permanently storing access keys.
| | moritzheiber/saml2aws | 0xhassaan/nn-from-scratch | 0xzgbot/hermes-comfyui-skills |
|---|---|---|---|
| Stars | — | 0 | 0 |
| Language | — | Python | — |
| Last pushed | 2020-02-17 | — | — |
| Maintenance | Dormant | — | — |
| Setup difficulty | moderate | moderate | easy |
| Complexity | 2/5 | 4/5 | 1/5 |
| Audience | ops devops | developer | designer |
Figures from each repo's GitHub metadata at analysis time.
Requires knowing your company's SAML identity provider details and the AWS accounts and roles available to you.
saml2aws is a command-line tool that lets you log into Amazon Web Services using your company's existing identity system, such as Microsoft ADFS, Okta, PingFederate, Google Apps, or KeyCloak. Instead of dealing with long-lived access keys that can be a security risk, you get temporary credentials that expire automatically, usually within an hour. The practical benefit is straightforward: you can use the AWS command-line tools the same way you'd use any other terminal command, authenticated through the same login you already use for email and internal company systems.
The tool walks you through a login prompt, talks to your identity provider behind the scenes, and trades that login for a short-lived set of AWS credentials. It saves those credentials under a named profile so your other AWS tools pick them up automatically. You can configure multiple named accounts if you work across different AWS environments, say, a dev account and a test account, which helps prevent accidentally running commands against the wrong infrastructure. There are also helper commands to open the AWS web console directly after logging in, or to run a specific command with the temporary credentials applied.
The main audience is operations staff, developers, or anyone who needs command-line access to AWS but whose company enforces single sign-on through a SAML-based identity provider. A typical use case would be an engineer who needs to run infrastructure scripts or deploy code to AWS but doesn't want to manage permanent access keys. It's especially useful in organizations with multiple AWS accounts and roles, since you can configure separate profiles for each environment and even pre-select which role to assume on login.
One tradeoff worth noting: the project relies heavily on screen scraping for most providers, meaning it essentially simulates a browser login rather than using a clean official API. The developers acknowledge this isn't ideal and hope vendors make it easier over time.
Session length defaults to an hour but can be extended up to twelve hours via a flag, and multi-factor authentication is supported across several providers.
A command-line tool that logs you into AWS using your company's existing single sign-on system, giving you temporary credentials that expire automatically instead of permanent access keys.
Dormant — no commits in 2+ years (last push 2020-02-17).
Use freely for any purpose, including commercial use, as long as you keep the copyright notice.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly ops and DevOps.
Verify against the repo before relying on details.