Alex Yaroslavsky

AWS CLI with Okta

We will be using this solution: https://github.com/jmhale/okta-awscli

Prerequisites:

Install okta-awscli:

pip3 install okta-awscli

Initial setup:

  1. Create AWS profiles for dev and test.
    Run the following:
    aws configure set region us-east-1 --profile dev
    aws configure set output text --profile dev
    aws configure set region us-east-1 --profile test
    aws configure set output text --profile test

  2. Create the following file:
    Linux: ~/.okta-aws
    Windows: %USERPROFILE%\.okta-aws
    With the following contents:

    [dev]
    username =
    factor = OKTA
    app-link = <copy link from app icon in okta>
    base-url = <your-company>.okta.com
    duration = 3600

    [test]
    username =
    factor = OKTA
    app-link = <copy link from app icon in okta>
    base-url = <your-company>.okta.com
    duration = 3600

Login and run aws commands:

okta-awscli --okta-profile dev --profile dev

After logging in with okta-awscli, your login is valid for an hour, and you can run aws commands with the --profile option.

Login to ECR:

aws --profile dev ecr get-login --registry-ids <your-ecr-id> --no-include-email

This will generate a token that you can use to log in to ECR with docker and pull images.
It outputs the full command you need to run, so just copy it and run it.
It will look like this:
docker login -u AWS -p <token> https://<your-ecr-id>.dkr.ecr.us-east-1.amazonaws.com
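
The same ECR login as an added example (not part of the original post): `get-login` was removed in AWS CLI version 2, and passing the token with `-p` leaves it in shell history and process listings, so this version pipes `aws ecr get-login-password` into `docker login --password-stdin`. The function names are hypothetical, and the profile, region and registry id are arguments you supply.

```shell
# Added example, not from the original post. Function names are hypothetical;
# profile, region and registry id are supplied by the caller.

# Print the registry hostname for a 12-digit account id and a region.
ecr_registry_host() {
  case "$1" in
    ''|*[!0-9]*) echo "registry id must be numeric" >&2; return 1 ;;
  esac
  [ "${#1}" -eq 12 ] || { echo "registry id must be 12 digits" >&2; return 1; }
  case "$2" in
    ''|*[!a-z0-9-]*) echo "invalid region" >&2; return 1 ;;
  esac
  printf '%s.dkr.ecr.%s.amazonaws.com\n' "$1" "$2"
}

# Log docker in to ECR with the temporary credentials that okta-awscli
# stored under the given AWS profile.
ecr_login() {
  local profile region host token
  profile="$1"
  region="$2"
  host="$(ecr_registry_host "$3" "$region")" || return 1
  # get-login-password prints only the token, so nothing has to be copied
  # from the terminal.
  token="$(aws --profile "$profile" --region "$region" ecr get-login-password)" || return 1
  [ -n "$token" ] || { echo "empty token from aws" >&2; return 1; }
  # printf is a shell builtin, so the token never shows up in a process
  # argument list; docker reads it from stdin.
  printf '%s' "$token" | docker login --username AWS --password-stdin "$host"
}

# Example: sh ecr-login.sh dev us-east-1 <your-ecr-id>
if [ "$#" -eq 3 ]; then
  ecr_login "$@"
fi
```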
