You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Jun 26, 2025. It is now read-only.
In any case <exec-profile> is available in a shortcut alias below, it is positional, but optional. If you do not specify a profile, it will use the 'base' role you have assumed. For these commands, any extra parameters are passed to saml2aws, so use -- to separate your flags from a command. Each of the commands with a profile also have autocompletion from your loaded ~/.aws/config file enabled.
Alias
parameters
description
sa
saml2aws command shortcut alias
sal
login to IDP (skips prompts by default, and uses the session duration var)
sae
<exec-profile> <command>
execute a command as the profile, with the session duration var
sash
<exec-profile>
open a shell as the profile, with the session duration var
sas
<exec-profile>
print shell export script for profile, with the session duration var
sase
<exec-profile>
print env file format for profile, with the session duration var
salr
list roles available to login as
sac
<exec-profile>
Open a browser to the logged in AWS console
said
output of aws sts get-caller-identity for assumed role ($profile optional)
saml2aws configuration
ENV var
example
information
SAML2AWS_LOGIN_SESSION_DURATION
43200
Length of time (seconds) the "root" federation session is available. This can be up to 12 hours (in seconds).
SAML2AWS_SESSION_DURATION
3600
Length of time (seconds) the role assume session is available. This can be up to 1 hour (in seconds).
Examples
Assume the staging profile and run an aws command
sae staging -- aws sts get-caller-identity
Assume the login role and start a shell (same as you are using) with that context
