AWS CLI with Okta

We will be using this solution: https://github.com/jmhale/okta-awscli

Prerequisites:

• Python3
  Windows: https://www.python.org/downloads/

• AWS CLI V1
  Windows: https://docs.aws.amazon.com/cli/latest/userguide/install-windows.html
  Mac: https://docs.aws.amazon.com/cli/latest/userguide/install-macos.html
  Linux: pip3 install awscli --upgrade --user

Install okta-awscli:

pip3 install okta-awscli

Initial setup:

1. Create aws profiles for dev and test.
   Run the following:
   aws configure set region us-east-1 --profile dev
aws configure set output text --profile dev
aws configure set region us-east-1 --profile test
aws configure set output text --profile test

2. Create the following file:
   Linux: ~/.okta-aws
   Windows: %USERPROFILE%.okta-aws
   With the following contents:

   [dev]
   username =
   factor = OKTA
   app-link = <copy link from app icon in okta>
   base-url = >your-company>.okta.com
   duration = 3600

   [test]
   username =
   factor = OKTA
   app-link = <copy link from app icon in okta>
   base-url = <your-company>.okta.com
   duration = 3600

Login and run aws commands:

okta-awscli --okta-profile dev --profile dev

After logging in with okta-awscli, your login is valid for an hour and you can use aws commands (using the --profile )

Login to ECR:

aws --profile dev ecr get-login --registry-ids <your-ecr-id> --no-include-email

This will generate a token that you can use to login with docker to the ECR to pull images.
It will actually output the full command you need to run, so just copy it and run.
It will look like this:
docker login -u AWS -p https://<your-ecr-id>.dkr.ecr.us-east-1.amazonaws.com