This script facilitates Active Directory federated sign-on to AWS. Upon successful authentication, temporary keys are written to a 'saml' profile in `C:\Users\<your_username>\.aws\credentials` (Windows) or `~/.aws/credentials` (Mac). These keys are valid credentials for authenticating to the AWS CLI and API.
You will need:
- Docker (either Docker for Windows or Docker for Mac)
- `C:\` configured as a Shared Drive in Docker (Windows only)
- The AWS CLI or an AWS SDK (so you can actually do useful things once authenticated)
Before the first run, ensure you have a `C:\Users\<your_username>\.aws\credentials` (Windows) or `~/.aws/credentials` (Mac) file with at least these contents:

```ini
[default]
output = json
region = eu-west-1
aws_access_key_id =
aws_secret_access_key =
```
Note: An AWS access key pair is not configured in the above structure because the initial AWS STS call is authenticated by the SAML assertion returned by the trusted IdP. All subsequent API/CLI calls are authenticated by the key pair contained within the returned AWS STS token.
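The layout above is easy to get wrong by hand, so here is an added check (example code, not part of aws-saml-auth) that parses a credentials file and flags a static key pair left in `[default]` or an incomplete `[saml]` profile. It assumes the container writes the session token alongside the key pair, as the AWS CLI requires for STS credentials; the sample file and key values are constructed placeholders.

```python
import configparser

# Constructed sample of ~/.aws/credentials after a successful run; placeholder values only.
SAMPLE_CREDENTIALS = """\
[default]
output = json
region = eu-west-1
aws_access_key_id =
aws_secret_access_key =

[saml]
aws_access_key_id = ASIAEXAMPLEPLACEHOLDER
aws_secret_access_key = EXAMPLE-SECRET-PLACEHOLDER
aws_session_token = EXAMPLE-SESSION-TOKEN-PLACEHOLDER
"""

STS_KEYS = ("aws_access_key_id", "aws_secret_access_key", "aws_session_token")


def check_credentials(text, saml_profile="saml"):
    """Return a list of findings; an empty list means the file matches the expected layout."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    findings = []

    # [default] must exist but carry no static key pair: the SAML flow
    # authenticates the STS call with the IdP assertion, not with stored keys.
    if not parser.has_section("default"):
        findings.append("missing [default] profile")
    else:
        for key in STS_KEYS[:2]:
            if parser["default"].get(key, "").strip():
                findings.append(f"[default] holds a static {key}; the SAML flow needs none")

    # The SAML profile must hold the complete temporary credential set.
    if not parser.has_section(saml_profile):
        findings.append(f"missing [{saml_profile}] profile; run the container first")
        return findings
    saml = parser[saml_profile]
    for key in STS_KEYS:
        if not saml.get(key, "").strip():
            findings.append(f"[{saml_profile}] lacks {key}")

    # STS-issued access key ids start with ASIA; an AKIA id here would mean a
    # long-lived IAM user key was pasted into the profile meant for temporary ones.
    key_id = saml.get("aws_access_key_id", "").strip()
    if key_id and not key_id.startswith("ASIA"):
        findings.append(f"[{saml_profile}] access key id is not an STS temporary key")
    return findings
```

Run `check_credentials(open(path).read())` against your own credentials file; an empty result means the file is laid out as described above.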
On Windows, open PowerShell and run:

```
docker run -it --rm -v $Env:USERPROFILE/.aws/credentials:/root/.aws/credentials --name aws-saml-auth sclausson/aws-saml-auth
```

On a Mac, open a terminal and run:

```
docker run -it --rm -v ~/.aws/credentials:/root/.aws/credentials --name aws-saml-auth sclausson/aws-saml-auth
```
- When prompted, enter your username in the form of `firstname.lastname@example.org`
- When prompted, enter your valid Active Directory password
- Once validated, run CLI commands using the profile flag, e.g. `aws --profile saml s3 ls`
- If you don't want to use the `--profile` switch every time you run the AWS CLI, you can set
If you need to set up Docker Shared Drive, follow these steps:
- Right click on the Docker whale icon in your system tray and choose Settings...
- Select 'Shared Folders' and click the checkbox next to C, then click Apply.
Shayne Clausson email@example.com