A helper script providing an easy-to-use command line interface to login and retrieve AWS temporary credentials for multiple roles across different accounts using saml2aws.
All notable changes to this project will be documented in CHANGELOG.
Supports Python 3.10, 3.11, 3.12, 3.13
- Poetry - Modern dependency management
- Makefile - Convenient command shortcuts for common tasks
- pytest - Testing framework with coverage reporting
- black - Code formatting
- flake8 - Python code linting
- CodeQL - Automated security analysis (workflow)
- Secrets Scan - Gitleaks and TruffleHog for detecting hardcoded secrets (workflow)
- Snyk - Vulnerability scanning (workflow)
- Dependabot - Automated dependency updates (config)
- GitHub Actions - Automated testing across Python 3.10-3.13
- Codecov - Code coverage reporting
- Stale Issue Management - Automatically closes inactive issues
$ awslogin --help Usage: awslogin [OPTIONS] COMMAND [ARGS]... Get credentials for multiple accounts with saml2aws Options: -l, --shortlisted TEXT Show only roles with the given keyword(s); e.g. -l keyword1 -l keyword2... -s, --pre-select TEXT Pre-select roles with the given keyword(s); e.g. -s keyword1 -s keyword2... -n, --profile-name-format [RoleName|RoleName-AccountAlias] Set the profile name format. [default: RoleName] -r, --refresh-cached-roles Re-retrieve the roles associated to the username and password you providedand save the roles into <home>/.saml2aws- multi/aws_login_roles.csv. [default: False] -t, --session-duration TEXT Set the session duration in seconds, -b, --browser-autofill Enable browser-autofill. -d, --debug Enable debug mode. [default: False] --help Show this message and exit. Commands: chained List chained role profiles specified in ~/.aws/config switch Switch default profile whoami Who am I? -
When you run
awsloginthe first time, the script retrieves the roles associated to the username and password you provided, then saves the roles to<user_home>/.saml2aws-multi/aws_login_roles.csv, such that the script does not need to calllist_rolesevery time you runawslogin.For example, if you have role ARNs like:
RoleArn, AccountAlias arn:aws:iam::123456789012:role/aws-01-dev, aws-01 arn:aws:iam::123456789012:role/aws-01-tst, aws-01 arn:aws:iam::213456789012:role/aws-02-dev, aws-02 arn:aws:iam::313456789012:role/aws-03-dev, aws-03Then, the profile names will look like
To refresh the content of
aws_login_roles.csv, just runawslogin --refresh-cached-roles -
When you run
awslogin, the script pre-selects the options you selected last time. -
Use
--pre-selector-sto pre-select option by keyword(s).awslogin -s dev -s tst -
Use
--shortlistedor-lto show the list of roles having profile name matching the given keyword(s).awslogin -l dev -l tst -
To change your
defaultprofile in<user_home>/.aws/credentials, runawslogin switch -
If you have roles in different accounts with the same role names, you can use
--profile-name-format RoleName-AccountAlias, such that the profile names will include both role name and account alias. Alternatively, you can also changeDEFAULT_PROFILE_NAME_FORMATin the code toRoleName-AccountAlias.For example, if you have role ARNs like:
RoleArn, AccountAlias arn:aws:iam::123456789012:role/dev, aws-01 arn:aws:iam::123456789012:role/tst, aws-01 arn:aws:iam::213456789012:role/dev, aws-02 arn:aws:iam::313456789012:role/dev, aws-03Then, the profile names will look like
Before installing, ensure you have:
- Python 3.10+ installed
- saml2aws installed
- See install-saml2aws.sh for a Linux installation script
- For other platforms, follow the official installation guide
- saml2aws config file (
~/.saml2aws) - Runsaml2aws configureto create
Choose the installation method that best fits your use case:
pipx installs the CLI in an isolated environment while making it globally available:
# Install pipx if needed pip install pipx # Install saml2awsmulti pipx install . # Run from anywhere awslogin --help awslogin# Install directly with pip pip install . # Run the CLI awslogin --help awsloginFor contributing or development work:
# Quick setup (recommended for first-time setup) make setup-init # Manual setup (alternative) make setup-venv # Configure Poetry virtualenv make install-all # Install all dependencies # Run with Poetry poetry run awslogin --help poetry run awslogin # Or activate the virtualenv poetry shell awslogin # View all available commands make helpmake setup-init # First-time setup (configure, lock, install everything) make help # Show all available commands make install-all # Install all dependencies (main, dev, test) make test # Run tests without coverage make test-with-coverage # Run tests with coverage make format-python # Auto-format Python code make lint-python # Lint Python code make lint-yaml # Lint YAML files make pre-commit # Run all quality checks (format, lint, test) make build # Build the package make clean # Clean build artifacts# Run tests with coverage make test-with-coverage # Run tests only make test # Format and lint code make format-python make lint-python make lint-yaml # Run all quality checks before committing make pre-commit# Update dependencies to latest compatible versions make update-deps # Regenerate lock file make locksaml2aws-multi/ βββ .github/ β βββ workflows/ # CI/CD workflows β βββ dependabot.yml # Dependency updates config βββ saml2awsmulti/ # Main Python package β βββ __init__.py β βββ aws_login.py # Main CLI logic β βββ file_io.py β βββ saml2aws_helper.py β βββ selector.py βββ tests/ # Unit tests β βββ test_aws_login.py β βββ test_file_io.py β βββ test_saml2aws_helper.py β βββ test_selector.py βββ pyproject.toml # Project metadata and dependencies βββ Makefile # Build and test commands βββ CHANGELOG.md # Version history and changes βββ CODE_OF_CONDUCT.md # Community guidelines βββ CONTRIBUTING.md # Contribution guidelines βββ SECURITY.md # Security policy βββ README.md # This file Contributions are welcome! Please see:
- CONTRIBUTING.md - Contribution guidelines
- CODE_OF_CONDUCT.md - Community standards
For security issues, please see SECURITY.md for our security policy and reporting guidelines.