Using SAML on AWS from the CLI

Hey folks, I just wanted to write up a quick post about how I’m using SAML to login to the AWS CLI at work. There is plenty of content out there for how to configure access to the AWS console so I’m not going to talk about that. Instead, I will focus on how to use SAML for command line access using the AWS CLI tools. Specifically, how to get it working with Azure MFA and some of the issues I have run into along the way.

First, you can access the fully working sample at https://github.com/asagage/aws-saml-cli. Please feel free to fork, PR raise issues etc.

This code is based off the blog post here https://aws.amazon.com/blogs/security/how-to-implement-a-general-solution-for-federated-apicli-access-using-saml-2-0/ but was tweaked to work with Azure MFA.

By using this tool, now you can simply type `saml` at the mac command prompt, enter your username and password, authenticate on your MFA authenticator, then choose which SAML role to assume. The script will save your sts token into your shell for immediate use and store the credentials in your aws config profile under the “saml” profile for use up to one hour later.

When trying to follow the guide above, I ran into issues where the flow was a bit different since we were using Azure MFA in addition to ADFS. After a lot of trial and effort, I found the right parameters and syntax to get the requests fired off and to get a valid SAML response.

One issue we had was there was a different UI experience in Azure MFA if a user had a phone number set in the directory or not. So if you are seeing odd issues where the flow is different for different users, check the phone number field in Active directory.

Also please be aware that the max duration these credentials can be used is 1 hour due to a limit on the AssumeRoleWithSAML API call. Although you can extend this timeout with simple MFA on an IAM user, you can not extend this when assuming a SAML role.

How to change your life with a Rubik’s Cube

What if I told you that by playing with a simple children’s toy, you could better handle difficult challenges at work and in your personal life? Would you try it or would you just read this and tell yourself “that’s interesting, but I don’t really think it would do anything for me?” I found a secret in a common toy that will help you unlock your potential for life-long learning, upgrade your tenacity, and improve your ability to solve difficult problems in life and work. There have been over 350 million Rubik’s cubes sold, making it the best-selling toy of all time. Yet it is estimated that only 1% of people above age 10 in the US can actually solve the Rubik’s cube. Continue reading How to change your life with a Rubik’s Cube

3 Steps to a Winning Resume

I have been recruiting recently for a couple of positions available on my team at work. It always seems so difficult to find candidates that seem to be a good match for the position even though I just know that there are tons of people out there who would be great for the job. I thought I would take some time to share a recruiter’s view of the candidate search process so that you might be able to better let me know if you are a good match for the job. If you are a good match, I want to teach you how to make sure you are noticed and that I get the chance to talk with you about the position. Keep reading to learn how to create a winning resume that gets past the screening process and will get you hired!

Continue reading 3 Steps to a Winning Resume

Review of Test-Driven Infrastructure with Chef

Test-Driven Infrastructure with Chef
Bring Behavior-Driven Development to Infrastructure as Code
By Stephen Nelson-Smith; O’Reilly Media, Inc.

This is a review of Test-Driven Infrastructure with Chef, I picked up this book as I was wanting to learn more about using chef in my job as a Systems Engineer. We were just getting started with deploying chef into our infrastructure.

Continue reading Review of Test-Driven Infrastructure with Chef