Show HN: An easy way to assume AWS IAM roles on your Laptop or in GitHub Actions (opens in new tab)

(saml.to)

1 pointscnuss3y ago2 comments

Hey everyone!

I've made a service to allow developers easy access to AWS IAM Roles using GitHub Identity.

This way, an organization or AWS account owner can quit generating AWS IAM Credentials to users or GitHub Repositories, and use the saml-to CLI or assume-aws-role-action to federate roles.

2 comments

brodouevencode3y ago

What's the difference between this and using the role_arn in the credentials file? (https://docs.aws.amazon.com/cli/latest/userguide/cli-configu...)

cnussOP3y ago

thanks for the question!

this completely eliminates the need to juggle ~/.aws/* files, or downloading or generation of one or more web identity token files, or complicated trust to a single root account

using a single GitHub token identifying the user, the saml.to backend exchanges that token for the desired account and credentials simply based on providing the desired role name as input

zero knowledge on how to authenticate the aws cli is necessary, which I've found as a high friction point for administrators and developers to get right

let me know if you have any more questions or feedback!

j / k navigate · click thread line to collapse