AWS CLI with Okta
Alex Yaroslavsky
Posted on July 13, 2020
We will be using this solution: https://github.com/jmhale/okta-awscli
Prerequisites:
Python3
Windows: https://www.python.org/downloads/
AWS CLI V1
Windows: https://docs.aws.amazon.com/cli/latest/userguide/install-windows.html
Mac: https://docs.aws.amazon.com/cli/latest/userguide/install-macos.html
Linux: pip3 install awscli --upgrade --user
Install okta-awscli:
pip3 install okta-awscli
Initial setup:
Create aws profiles for dev and test.
Run the following:
aws configure set region us-east-1 --profile dev
aws configure set output text --profile dev
aws configure set region us-east-1 --profile test
aws configure set output text --profile test
Create the following file:
Linux: ~/.okta-aws
Windows: %USERPROFILE%\.okta-aws
With the following contents:
[dev]
username =
factor = OKTA
app-link = <copy link from app icon in okta>
base-url = <your-company>.okta.com
duration = 3600
[test]
username =
factor = OKTA
app-link = <copy link from app icon in okta>
base-url = <your-company>.okta.com
duration = 3600
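A quick sanity check for the .okta-aws file above, as an added example (not part of the original post or of okta-awscli itself). The function name `lint_okta_aws` and all sample values are constructed for illustration; the `password` key is an okta-awscli option not shown in this post, and 900..43200 seconds is the range STS accepts for a SAML session.

```python
import configparser
from urllib.parse import urlparse

def lint_okta_aws(text, mode=0o600):
    """Return findings for the text of an .okta-aws file (hypothetical helper)."""
    findings = []
    if mode & 0o077:  # POSIX permission bits, e.g. os.stat(path).st_mode
        findings.append("file: accessible to group/others, chmod 600")
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    for name in cp.sections():
        sec = cp[name]
        base = sec.get("base-url", "").strip()
        link = sec.get("app-link", "").strip()
        if "password" in sec:  # okta-awscli can read a stored password
            findings.append(f"{name}: password stored in plain text")
        if any(c in v for v in (base, link) for c in "<>"):
            findings.append(f"{name}: placeholder left unfilled")
            continue
        if not base or "/" in base:
            findings.append(f"{name}: base-url must be a bare hostname")
        url = urlparse(link)
        if link and (url.scheme != "https" or url.hostname != base.lower()):
            findings.append(f"{name}: app-link is not https on the base-url host")
        try:  # STS accepts 900..43200 seconds for a SAML session
            ok = 900 <= int(sec.get("duration", "3600")) <= 43200
        except ValueError:
            ok = False
        if not ok:
            findings.append(f"{name}: duration outside 900..43200 seconds")
    return findings

# Constructed sample: [dev] is clean, [test] has three problems.
SAMPLE = """\
[dev]
factor = OKTA
app-link = https://example.okta.com/home/amazon_aws/0oaEXAMPLE/272
base-url = example.okta.com
duration = 3600

[test]
password = not-a-real-password
factor = OKTA
app-link = https://login.example.net/home/amazon_aws/0oaEXAMPLE/272
base-url = example.okta.com
duration = 86400
"""
if __name__ == "__main__":
    print("\n".join(lint_okta_aws(SAMPLE, mode=0o644)))
```

To check a real file on Linux or Mac, pass its contents and `os.stat(path).st_mode`; the permission check does not apply on Windows.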
Login and run aws commands:
okta-awscli --okta-profile dev --profile dev
After logging in with okta-awscli, your login is valid for an hour, and you can run aws commands by passing --profile with the profile name.
Login to ECR:
aws --profile dev ecr get-login --registry-ids <your-ecr-id> --no-include-email
This generates a token that you can use to log in to ECR with docker and pull images.
The command actually outputs the full docker login command you need, so just copy it and run it.
It will look like this:
docker login -u AWS -p <token> https://<your-ecr-id>.dkr.ecr.us-east-1.amazonaws.com