From 6b43632339797df6c31d26c67d63e8fe18e85cb6 Mon Sep 17 00:00:00 2001 From: wmckenzie Date: Mon, 3 May 2021 13:46:38 +1200 Subject: [PATCH 1/7] OPS-151 - update for EP --- README.md | 15 +++++++++++---- manifest.json | 6 +++--- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 3da86b9..3be124a 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # SAML to AWS STS Keys Conversion Google Chrome Extension which converts a SAML 2.0 assertion to AWS STS Keys (temporary credentials). Just log in to the AWS Web Management Console using your SAML IDP and the Chrome Extension will fetch the SAML Assertion from the HTTP request. The SAML Assertion is then used to call the assumeRoleWithSAML API to create the temporary credentials. (AccessKeyId, SecretAccessKey and SessionToken). -The Chrome Extension can be downloaded here: -[Google Chrome Web Store](https://chrome.google.com/webstore/detail/ekniobabpcnfjgfbphhcolcinmnbehde/) +The EP version of this Chrome Extension can be downloaded here: +[Google Chrome Web Store](https://chrome.google.com/webstore/) # Table of Contents * [Why this Chrome Extension?](#why) 
@@ -18,10 +18,17 @@ You run into trouble as soon as you would like to execute some fancy scripts fro The Security Token Service (STS) from AWS provides an API action assumeRoleWithSAML. Using the SAML Assertion given by your IDP the Chrome Extension will call this API action to fetch temporary credentials. (AccessKeyId, SecretAccessKey and SessionToken). This way there is no need to create some sort of anonymous user in AWS IAM used for executing scripts. This would be a real security nightmare, since it won't be possible to audit who did what. This Chrome Extension however will make it super easy for you to just use your corporate identity for executing scripts calling AWS API's. ## Getting Started -TODO +Once you install the app, it will download a credentials file into your downloads folder each time you assume an AWS role. + +You will need to load it into Chrome as an "unpacked extension" from the Chrome Extensions menu. ## Create a symlink to your .aws directory (for Windows users) -TODO +We use our own version of a Chrome Extension which will automatically download a set of credentials for you when you assume the AWS role via GSuite - this will add temporary credentials into your downloads folder, which you can reference with a symlink from your .aws folder. + +On windows, in a command prompt: + +C:\Users\user_name\.aws> mklink credentials C:\Users\user_name\Downloads\credentials + ## FAQ: Frequently Asked Question 1. Why can I not save file somewhere else? diff --git a/manifest.json b/manifest.json index e88b3cb..5bf1a7d 100644 --- a/manifest.json +++ b/manifest.json 
@@ -1,8 +1,8 @@ { "manifest_version": 2, - "author": "G.T.C. Laan (prolane.org)", - "homepage_url": "https://github.com/prolane/samltoawsstskeys", - "name": "SAML to AWS STS Keys Conversion", + "author": "EP, originally from G.T.C. Laan (prolane.org)", + "homepage_url": "https://github.com/EducationPerfect/samltoawsstskeys", + "name": "Education Perfect SAML to AWS STS Keys Conversion", "description": "Generates file with AWS STS Keys after logging in to AWS webconsole using SSO (SAML 2.0). It leverages 'assumeRoleWithSAML' API.", "version": "2.7", "icons": { "16": "icons/icon_16.png", From cde9edf24295681aa0b84f0cf4308fca4021a612 Mon Sep 17 00:00:00 2001 From: wmckenzie Date: Tue, 4 May 2021 10:32:02 +1200 Subject: [PATCH 2/7] OPS-151- remove chrome webstore link --- README.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/README.md b/README.md index 3be124a..706288e 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,6 @@ # SAML to AWS STS Keys Conversion Google Chrome Extension which converts a SAML 2.0 assertion to AWS STS Keys (temporary credentials). Just log in to the AWS Web Management Console using your SAML IDP and the Chrome Extension will fetch the SAML Assertion from the HTTP request. The SAML Assertion is then used to call the assumeRoleWithSAML API to create the temporary credentials. (AccessKeyId, SecretAccessKey and SessionToken). -The EP version of this Chrome Extension can be downloaded here: -[Google Chrome Web Store](https://chrome.google.com/webstore/) - # Table of Contents * [Why this Chrome Extension?](#why) * [Getting Started](#gettingstarted) From 6b88b98f16b9013c685edfd4e21b2835c6855de0 Mon Sep 17 00:00:00 2001 From: wmckenzie Date: Tue, 4 May 2021 10:46:49 +1200 Subject: [PATCH 3/7] OPS-151- expand install instructions --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 706288e..0d86aee 100644 --- a/README.md +++ b/README.md 
@@ -18,6 +18,11 @@ The Security Token Service (STS) from AWS provides an API action assumeRoleWithS Once you install the app, it will download a credentials file into your downloads folder each time you assume an AWS role. You will need to load it into Chrome as an "unpacked extension" from the Chrome Extensions menu. +1. Pull the repo down locally +2. In Chrome, go to More Tools > Extensions > Load Unpacked +3. Select the samltoawsstskeys folder (ie this repo) + +Additionally, you may need to manually pin the extension in your Chrome address bar's extension section - this will allow you to enable/ disable the extension if requried ## Create a symlink to your .aws directory (for Windows users) We use our own version of a Chrome Extension which will automatically download a set of credentials for you when you assume the AWS role via GSuite - this will add temporary credentials into your downloads folder, which you can reference with a symlink from your .aws folder. From d14a6ba4a3f7179be002871560734becc6936640 Mon Sep 17 00:00:00 2001 From: Ali Tayebi Date: Thu, 6 May 2021 15:07:33 +1000 Subject: [PATCH 4/7] Improving ReadMe --- README.md | 34 ++++++++++++++++++++++++++-------- 1 file changed, 26 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 0d86aee..a45282b 100644 --- a/README.md +++ b/README.md 
@@ -8,7 +8,7 @@ Google Chrome Extension which converts a SAML 2.0 assertion to AWS STS Keys (tem * [Frequently Asked Question](#faq) ## Why this Chrome Extension? -If you don't have any user administration setup within AWS Identity & Access Management (IAM) but instead rely on your corporate user directory, i.e. Microsoft Active Directory. Your company uses a SAML 2.0 Identity Provider (IDP) to log in to the AWS Web Management Console (Single Sign On). Then this Chrome Estension if for you! +If you don't have any user administration setup within AWS Identity & Access Management (IAM) but instead rely on your corporate user directory, i.e. Microsoft Active Directory. Your company uses a SAML 2.0 Identity Provider (IDP) to log in to the AWS Web Management Console (Single Sign On). Then this Chrome Extension if for you! You run into trouble as soon as you would like to execute some fancy scripts from your computer which calls the AWS API's. When sending a request to the AWS API's you need credentials, meaning an AccessKey and SecretKey. You can easily generate these keys for each user in AWS IAM. However, since you don't have any users in AWS IAM and don't want to create users just for the sake of having an AccessKey and SecretKey you are screwed. But there is a way to get temporary credentials specifically for your corporate identity. 
@@ -19,18 +19,36 @@ Once you install the app, it will download a credentials file into your download You will need to load it into Chrome as an "unpacked extension" from the Chrome Extensions menu. 1. Pull the repo down locally -2. In Chrome, go to More Tools > Extensions > Load Unpacked -3. Select the samltoawsstskeys folder (ie this repo) +2. In Chrome, go to More Tools > Extensions +3. Make sure Developer mode is enabled. It is a toggle button at top right corner. Then click on Load Unpacked. +4. Select the samltoawsstskeys folder (ie this repo) -Additionally, you may need to manually pin the extension in your Chrome address bar's extension section - this will allow you to enable/ disable the extension if requried +Additionally, you may need to manually pin the extension in your Chrome address bar's extension section - this will allow you to enable/ disable the extension if required -## Create a symlink to your .aws directory (for Windows users) +## Create a symlink to your .aws directory We use our own version of a Chrome Extension which will automatically download a set of credentials for you when you assume the AWS role via GSuite - this will add temporary credentials into your downloads folder, which you can reference with a symlink from your .aws folder. -On windows, in a command prompt: - +### Windows +In a command prompt run: +```powershell C:\Users\user_name\.aws> mklink credentials C:\Users\user_name\Downloads\credentials - +``` + +### Mac & Linux +Run the following command in a terminal: +```sh +ln -s ~/Downloads/credentials ~/.aws/credentials +``` + +If you are using multiple AWS profiles and already set AWS_PROFILE environment variable, then run the following command to set it back to default: +```sh +export AWS_PROFILE=default +``` + +To ensure your settings are fine, you can try the following command and should be able to see your credentials: +```sh +aws sts get-caller-identity +``` ## FAQ: Frequently Asked Question 1. 
Why can I not save file somewhere else? From 16f015f1c1ba0502126c428ee4b38ff984d61654 Mon Sep 17 00:00:00 2001 From: Ali Tayebi Date: Thu, 6 May 2021 15:10:19 +1000 Subject: [PATCH 5/7] Revert "Improving ReadMe" This reverts commit d14a6ba4a3f7179be002871560734becc6936640. --- README.md | 34 ++++++++-------------------------- 1 file changed, 8 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index a45282b..0d86aee 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ Google Chrome Extension which converts a SAML 2.0 assertion to AWS STS Keys (tem * [Frequently Asked Question](#faq) ## Why this Chrome Extension? -If you don't have any user administration setup within AWS Identity & Access Management (IAM) but instead rely on your corporate user directory, i.e. Microsoft Active Directory. Your company uses a SAML 2.0 Identity Provider (IDP) to log in to the AWS Web Management Console (Single Sign On). Then this Chrome Extension if for you! +If you don't have any user administration setup within AWS Identity & Access Management (IAM) but instead rely on your corporate user directory, i.e. Microsoft Active Directory. Your company uses a SAML 2.0 Identity Provider (IDP) to log in to the AWS Web Management Console (Single Sign On). Then this Chrome Estension if for you! You run into trouble as soon as you would like to execute some fancy scripts from your computer which calls the AWS API's. When sending a request to the AWS API's you need credentials, meaning an AccessKey and SecretKey. You can easily generate these keys for each user in AWS IAM. However, since you don't have any users in AWS IAM and don't want to create users just for the sake of having an AccessKey and SecretKey you are screwed. But there is a way to get temporary credentials specifically for your corporate identity. 
@@ -19,36 +19,18 @@ Once you install the app, it will download a credentials file into your download You will need to load it into Chrome as an "unpacked extension" from the Chrome Extensions menu. 1. Pull the repo down locally -2. In Chrome, go to More Tools > Extensions -3. Make sure Developer mode is enabled. It is a toggle button at top right corner. Then click on Load Unpacked. -4. Select the samltoawsstskeys folder (ie this repo) +2. In Chrome, go to More Tools > Extensions > Load Unpacked +3. Select the samltoawsstskeys folder (ie this repo) -Additionally, you may need to manually pin the extension in your Chrome address bar's extension section - this will allow you to enable/ disable the extension if required +Additionally, you may need to manually pin the extension in your Chrome address bar's extension section - this will allow you to enable/ disable the extension if requried -## Create a symlink to your .aws directory +## Create a symlink to your .aws directory (for Windows users) We use our own version of a Chrome Extension which will automatically download a set of credentials for you when you assume the AWS role via GSuite - this will add temporary credentials into your downloads folder, which you can reference with a symlink from your .aws folder. -### Windows -In a command prompt run: -```powershell +On windows, in a command prompt: + C:\Users\user_name\.aws> mklink credentials C:\Users\user_name\Downloads\credentials -``` - -### Mac & Linux -Run the following command in a terminal: -```sh -ln -s ~/Downloads/credentials ~/.aws/credentials -``` - -If you are using multiple AWS profiles and already set AWS_PROFILE environment variable, then run the following command to set it back to default: -```sh -export AWS_PROFILE=default -``` - -To ensure your settings are fine, you can try the following command and should be able to see your credentials: -```sh -aws sts get-caller-identity -``` + ## FAQ: Frequently Asked Question 1. 
Why can I not save file somewhere else? From 3774210e03483ebfc4448d5b68a3bab1cebaf0d3 Mon Sep 17 00:00:00 2001 From: Ali Tayebi Date: Thu, 6 May 2021 15:29:18 +1000 Subject: [PATCH 6/7] updating readme for mac/linux users --- README.md | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 0d86aee..552935f 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ Google Chrome Extension which converts a SAML 2.0 assertion to AWS STS Keys (tem * [Frequently Asked Question](#faq) ## Why this Chrome Extension? -If you don't have any user administration setup within AWS Identity & Access Management (IAM) but instead rely on your corporate user directory, i.e. Microsoft Active Directory. Your company uses a SAML 2.0 Identity Provider (IDP) to log in to the AWS Web Management Console (Single Sign On). Then this Chrome Estension if for you! +If you don't have any user administration setup within AWS Identity & Access Management (IAM) but instead rely on your corporate user directory, i.e. Microsoft Active Directory. Your company uses a SAML 2.0 Identity Provider (IDP) to log in to the AWS Web Management Console (Single Sign On). Then this Chrome Extension if for you! You run into trouble as soon as you would like to execute some fancy scripts from your computer which calls the AWS API's. When sending a request to the AWS API's you need credentials, meaning an AccessKey and SecretKey. You can easily generate these keys for each user in AWS IAM. However, since you don't have any users in AWS IAM and don't want to create users just for the sake of having an AccessKey and SecretKey you are screwed. But there is a way to get temporary credentials specifically for your corporate identity. 
@@ -19,18 +19,36 @@ Once you install the app, it will download a credentials file into your download You will need to load it into Chrome as an "unpacked extension" from the Chrome Extensions menu. 1. Pull the repo down locally -2. In Chrome, go to More Tools > Extensions > Load Unpacked +2. In Chrome, go to More Tools > Extensions +3. Make sure Developer mode is enabled. It is a toggle button at top right corner. Then click on Load Unpacked. 3. Select the samltoawsstskeys folder (ie this repo) -Additionally, you may need to manually pin the extension in your Chrome address bar's extension section - this will allow you to enable/ disable the extension if requried +Additionally, you may need to manually pin the extension in your Chrome address bar's extension section - this will allow you to enable/ disable the extension if required -## Create a symlink to your .aws directory (for Windows users) +## Create a symlink to your .aws directory We use our own version of a Chrome Extension which will automatically download a set of credentials for you when you assume the AWS role via GSuite - this will add temporary credentials into your downloads folder, which you can reference with a symlink from your .aws folder. -On windows, in a command prompt: - +### Windows +In a command prompt run: +```powershell C:\Users\user_name\.aws> mklink credentials C:\Users\user_name\Downloads\credentials - +``` + +### Mac & Linux +Run the following command in a terminal: +```sh +ln -s ~/Downloads/credentials ~/.aws/credentials +``` + +If you are using multiple AWS profiles and already set AWS_PROFILE environment variable, then run the following command to set it back to default: +```sh +export AWS_PROFILE=default +``` + +To ensure your settings are fine, you can try the following command and should be able to see your credentials: +```sh +aws sts get-caller-identity +``` ## FAQ: Frequently Asked Question 1. Why can I not save file somewhere else? 
From f6eedfec1c9b235bc2f7ef4d9fe2f6e178b8717e Mon Sep 17 00:00:00 2001 From: Kent Chenery Date: Fri, 7 May 2021 13:23:31 +1200 Subject: [PATCH 7/7] Change the link in options.html to point to EP --- options/options.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/options/options.html b/options/options.html index 2a791f1..6c55bc0 100644 --- a/options/options.html +++ b/options/options.html @@ -14,7 +14,7 @@

Developed by prolane.org (Gerard Laan)

-

For help, please see README at the project page on Github.com

+

For help, please see README at the project page on Github.com
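Review bot: In PATCH 1/7, the first README.md hunk (`@@ -1,8 +1,8 @@`) replaces the upstream Web Store listing with the bare store front page `https://chrome.google.com/webstore/`, so "The EP version of this Chrome Extension can be downloaded here" points at no particular extension and leaves readers to search for one by name. Either link the actual EP listing or drop the sentence in this commit; PATCH 2/7 removes it one day later, so the two commits could be squashed.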
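Review bot: In PATCH 1/7, the second README.md hunk (`@@ -18,10 +18,17 @@`) adds the `mklink credentials C:\Users\user_name\Downloads\credentials` step without two things a Windows user needs: `mklink` creates a symbolic link only from an elevated command prompt (or with Developer Mode enabled), and it refuses to create the link when a `credentials` file already exists in `.aws`. Please add both, and say what to do with an existing file, since after this step the AWS CLI reads whatever file named `credentials` sits in the Downloads folder, and any keys previously kept in `.aws\credentials` have to be moved elsewhere first.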
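Review bot: In PATCH 3/7, the README.md hunk (`@@ -18,6 +18,11 @@`), step 2 "In Chrome, go to More Tools > Extensions > Load Unpacked" omits that the Load Unpacked button is only shown once Developer mode is switched on, so a first-time user will not find it. The added "Additionally, ..." line also has the typo "requried" and a stray space in "enable/ disable". PATCH 6/7 later fixes the first two points; fixing them here would keep the history cleaner.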
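Review bot: In PATCH 6/7, the first README.md hunk (`@@ -8,7 +8,7 @@`), the corrected line fixes "Estension" but still reads "Then this Chrome Extension if for you!"; "if" should be "is". Since the line is being touched anyway, the three sentence fragments before it ("If you don't have ... Your company uses ... Then this ...") could be joined into one sentence.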
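Review bot: In PATCH 6/7, the second README.md hunk (`@@ -19,18 +19,36 @@`), the install list now has two items numbered 3: the added "3. Make sure Developer mode is enabled." is followed by the unchanged "3. Select the samltoawsstskeys folder", which PATCH 4/7 had renumbered to 4 before it was reverted. Three smaller points in the same hunk: the Windows block is fenced as `powershell` although the text says "In a command prompt run" and `mklink` is a cmd.exe built-in, so the tag and the prompt should agree; `ln -s ~/Downloads/credentials ~/.aws/credentials` fails when `~/.aws/credentials` already exists, and the README should say to move that file aside rather than leave users to force the link over it; and `aws sts get-caller-identity` returns the caller's UserId, Account and Arn, not the credentials, so "should be able to see your credentials" is better worded as "should see the ARN of the role you assumed".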