JustDevZero/GAWS

Google Amazon Wrapper Single sign on

Or just gaws: a wrapper that allows you to run aws commands, either AWS CLI scripts or anything built on an AWS SDK, across a collection of multiple accounts.

This is really useful when you're something like a hosting provider and have servers spread across different accounts.

By using this you won't need to authenticate yourself multiple times, as it will do it automatically for you.

It's important that your accounts are onboarded in the Google Single Sign On service.

Important Data

You will need to know Google's assigned Identity Provider ID, and the ID that they assign to the SAML service provider.

Once you've set up the SAML SSO relationship between Google and AWS, you can find the SP ID by drilling into the Google Apps console, under Apps > SAML Apps > Settings for AWS SSO. The URL will include a component that looks like ...#AppDetails:service=123456789012... and that number is the GOOGLE_SP_ID.

You can find the GOOGLE_IDP_ID, again from the admin console, via Security > Set up single sign-on (SSO). The SSO URL includes a string like https://accounts.google.com/o/saml2/idp?idpid=aBcD01AbC where the last bit (after the =) is the GOOGLE_IDP_ID.
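The two lookups described above can be scripted so the IDs are copied without typos. This is an added example, not code from the GAWS project: the function names are hypothetical, and the admin-console host and path in the sample URL are placeholders (only the fragment shape comes from this README).

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample URLs in the shapes the README describes.
# The admin-console host/path is a placeholder; only the fragment is from the page.
SAMPLE_APP_URL = "https://admin.example.invalid/console#AppDetails:service=123456789012"
SAMPLE_SSO_URL = "https://accounts.google.com/o/saml2/idp?idpid=aBcD01AbC"


def extract_sp_id(app_url: str) -> str:
    """Return GOOGLE_SP_ID: the number after 'service=' in the URL fragment."""
    fragment = urlsplit(app_url).fragment
    # Match 'service=' as a whole key, and require the value to be digits only.
    match = re.search(r"(?<![A-Za-z0-9_])service=(\d+)(?![A-Za-z0-9_])", fragment)
    if not match:
        raise ValueError("no numeric 'service=' component in the URL fragment")
    return match.group(1)


def extract_idp_id(sso_url: str) -> str:
    """Return GOOGLE_IDP_ID: the value of the 'idpid' query parameter."""
    parts = urlsplit(sso_url)
    # Refuse look-alike hosts and plain HTTP, so a link pasted from an
    # untrusted message is not silently accepted as the Google SSO URL.
    if parts.scheme != "https" or parts.hostname != "accounts.google.com":
        raise ValueError("SSO URL must be https://accounts.google.com/...")
    values = parse_qs(parts.query).get("idpid", [])
    # Assumption: the ID is a single alphanumeric token, as in the README sample.
    if len(values) != 1 or not re.fullmatch(r"[A-Za-z0-9]+", values[0]):
        raise ValueError("expected exactly one alphanumeric 'idpid' parameter")
    return values[0]


def extract_ids(app_url: str, sso_url: str) -> dict:
    """Return both IDs keyed by the names the README uses."""
    return {
        "GOOGLE_SP_ID": extract_sp_id(app_url),
        "GOOGLE_IDP_ID": extract_idp_id(sso_url),
    }


if __name__ == "__main__":
    for name, value in extract_ids(SAMPLE_APP_URL, SAMPLE_SSO_URL).items():
        print(f"{name}={value}")
```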

This project uses https://github.com/cevoaustralia/aws-google-auth under the hood.


How to install it?

First of all, make sure to have AWS CLI installed:

https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html

After that, dedicate a virtualenv to GAWS alone so it won't interfere with whatever you have on your system.

Create a virtualenv with Python 3.6 or later (we tried 3.9 and it worked like a charm):

virtualenv --python /usr/bin/python3.9 ~/.virtualenvs/gaws

source ~/.virtualenvs/gaws/bin/activate

python -m pip install GAWS

Now add a symbolic link to the gaws command somewhere in your PATH, for example:

ln -s ~/.virtualenvs/gaws/bin/gaws ~/.local/bin/gaws


How to use it?

It's easy as fuck: just navigate into the example folder and copy the gaws.ini file into the folder of your project.

If you want, you can also grab inventory_instances.py to use as a test example.

Then all you have to do is go to that folder in your terminal, edit gaws.ini and fill it in according to your needs.

For example:

cd ~/Projects/MyScriptCollection

emacs gaws.ini ## or vim gaws.ini ## or.. nano gaws.ini...

Now, instead of executing the script as you normally would, prefix it with gaws:

gaws python inventory_access.py

The first time you run gaws, it will show you a wizard to fill in the default parameters, which are going to be stored in ~/.gaws/config.ini.

And that's it: it will crawl the ini file and execute inventory_access.py against each one of the accounts.
