Versions Compared

Old Version 10

changes.mady.by.user Paul Allen

Saved on

compared with

New Version 11

changes.mady.by.user Paul Allen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
$ aws login
Password: ********
Factor: push
Please choose the role you would like to assume:
     Account: 000011112222
         [ 0 ]: shib-csadmin
     Account: 777788889999
         [ 1 ]: shib-admin
         [ 2 ]: shib-cs
         [ 3 ]: shib-dba
Selection: 1
$ aws sts get-caller-identity
{
    "UserId": "AROAICCPMY7VALLFYHWPA:pea1@cornell.edu",
    "Account": "777788889999",
    "Arn": "arn:aws:sts::777788889999:assumed-role/shib-admin/pea1@cornell.edu"
}
Note

The options for "Factor" are "push", "sms", "phone", "auto".

Advanced Use

 

Code Block
$ aws --profile foo login configure
ECP Endpoint URL [None]: https://shibidp-test.cit.cornell.edu/idp/profile/SAML2/SOAP/ECP
Username [None]: pea1
Enable Keyring [False]: True
Duo Factor [None]: auto
Role ARN [None]: arn:aws:stsiam::777788889999111111111111:assumed-role/shib-admin/pea1@cornell.edu

$ aws --profile bar login configure
ECP Endpoint URL [None]: https://shibidp-test.cit.cornell.edu/idp/profile/SAML2/SOAP/ECP
Username [None]: pea1
Enable Keyring [False]: True
Duo Factor [None]: auto
Role ARN [None]: arn:aws:stsiam::000011112222222222222222:assumed-role/shib-cs/pea1@cornell.eduadmin
 
$ aws --profile foo login
 
$ aws --profile bar login
 Password: **************
# Provided second factor out of band
$ aws --profile foo sts get-caller-identity
{
    "Arn": "arn:aws:sts::111111111111:assumed-role/shib-admin/pea1@cornell.edu",
    "Account": "111111111111",
    "UserId": "XXXXICCPMY7VALLFXXXX:pea1@cornell.edu"
}

 
$ aws --profile bar login
Password: **************
# Provided second factor out of band
$ aws --profile foo sts get-caller-identity
{
    "Arn": "arn:aws:sts::222222222222:assumed-role/shib-admin/pea1@cornell.edu",
    "Account": "222222222222",
    "UserId": "YYYYICCPMY7VALLFYYYY:pea1@cornell.edu"
}