This program authenticates with Okta, assumes a provided role, and pulls a temporary key with STS to support the role assumption built into the aws cli.
Follow the instructions in the release for the version you want to install.
You should also ensure that the install location (usually ~/.cargo/bin) is in your PATH.
Grab a binary for your OS from the latest release, and put it somewhere in your PATH. Linux, macOS and Windows are supported.
Run oktaws init to have oktaws generate a config file for you.
You will be prompted for various config items.
Oktaws configuration resides in ~/.oktaws/<OKTA ACCOUNT>.toml files, which have the following fields:
username = '<USERNAME>'
role = '<DEFAULT ROLE>'
[profiles]
profile1 = '<OKTA APPLICATION NAME>'
profile2 = { application = '<OKTA APPLICATION NAME>', role = '<ROLE OVERRIDE>' }
The role value above is the name (not ARN) of the role you would like to log in as. This can be found when logging into the AWS console through Okta.
The ~/.aws/config file is read for information, but not modified.
See Assuming a Role for information on configuring the AWS CLI to assume a role.
You can run oktaws refresh profile1 to generate keys for a single profile, or just oktaws refresh to generate keys for all profiles.
$ oktaws refresh [AWS profile]
$ aws --profile [AWS profile] [command]
For example:
$ oktaws refresh production
$ aws --profile production ec2 describe-instances
Login didn't work? Use the -v flag to emit more verbose logs. Add more -vs for increased verbosity:
$ oktaws refresh production -vv
oktaws v0.15 contains potentially breaking changes to the interface by introducing subcommands.
If your profile name conflicts with a subcommand, then you must use the oktaws refresh <profile> syntax,
to disambiguate the profile from subcommands.
There are currently publish issues related to M1 macOS artifacts. I recommend using x86_64 artifacts through Rosetta until this is resolved.
- Jonathan Morley [@jonathanmorley]