REST API To Flatten JSON
Flatten JSON is an simple REST API which takes a JSON object as input and parses into a key/value string. Here the key …
How to make AWS CLI call from local machine using federated login
Table of Contents
This article explains the steps required to make AWS CLI call from local machine using federated login. Steps described below are specific to windows operating system.
INSTALL REQUIRED SOFTWARE’S
Follow the below steps to install all required software. These steps have to be done only once on a given machine.
- Download and install the latest version of Node.js for your operating system from “https://nodejs.org/en/download/”. You can verify the installation was successful from PowerShell using the command
npm --version - Download and install the latest version of AWS CLI Using the MSI Installer from “https://docs.aws.amazon.com/cli/latest/userguide/install-windows.html#install-msi-on-windows”
- Download and install the latest version of latest version of AWS SAM (aka Serverless Application Model) CLI from “https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install-windows.html”
- aws-azure-login is a tool which allow you to generate AWS credentials (aka AWS Security Token Service (STS)) using your Azure account from the CLI. To install aws-azure-login, open PowerShell and issue the command
npm install -g aws-azure-login
This NPM module updates frequently. You should run npm update -g aws-azure-login from time to time to make sure you have the latest version.
CONFIGURE AWS-AZURE-LOGIN
Follow the below steps to configure aws-azure-login, please note this configuration is done at account level. You repeat the steps if you have multiple AWS accounts. You will need IAM Role ARN, Azure Tenant ID, Azure App ID URI and this can be obtained from your AWS admin.
- Run the below command in PowerShell and fill in the details.
aws-azure-login --configure --profile profileName - You should see a config created inside
C:\Users\{USERID}\.aws, You can also navigate from%SystemDrive%\Users\
GET YOUR ACCESS TOKEN
This step should be done every day since access tokens are valid only for 8 hours by default and maximum for 12 hours.
- Run below command from your PowerShell, here profile name will change based on the profile you need to login.
aws-azure-login --mode gui --profile profileName - You should see a message like “Assuming role arn:aws:iam:”
- This will also create a file named “credentials” inside
C:\Users\{USERID}\.aws, You can also navigate from%SystemDrive%\Users\ - Now issue
aws configureand use the content from credentials file. - You need to tell AWS CLI the location of the credential file, that would be using the below command.
setx AWS_SHARED_CREDENTIALS_FILE C:\Users\{USERID}\.aws\credentials
Alternatively, this variable can be set from the Environment Variables GUI also.
ISSUE AWS CLI COMMANDS
At this point we are ready to use AWS CLI, go ahead and issue your favorite AWS CLI commands and the syntax would be like aws s3 ls --profile profileName
CREDITS AND REFERENCES
Please see some of the key references listed below. All credits to the creators of aws-azure-login
- https://github.com/sportradar/aws-azure-login
- https://docs.aws.amazon.com/cli/latest/userguide/install-windows.html
- https://www.phillipsj.net/posts/azure-sso-aws-and-iam-roles
- https://www.npmjs.com/package/aws-azure-login
- https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html
- https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html
Comments
Related Articles
How to copy data between s3 buckets
Overview Transferring data between Amazon S3 buckets is a common requirement for many AWS users. This guide will walk …