Skip to content
This repository was archived by the owner on Jun 10, 2024. It is now read-only.
/ docker-okta-utils Public archive

Utility container for SAML authentication to AWS via Okta

3 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cmdlabs/docker-okta-utils

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
scripts
scripts
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CODEOWNERS
CODEOWNERS
 
 
Dockerfile
Dockerfile
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 

Repository files navigation

docker-okta-utils

Docker Cloud Automated build Docker Cloud Build Status

docker-okta-utils implements a container that handles authentication from Okta to AWS. Because it (non-destructively) updates your ~/.aws/credentials file, it is flexible enough to allow use of other tools with their own Docker images like Terraform and kubectl. It also allows easy use of the 3 Musketeers pattern.

Important Information

It is not possible to run oktashell with the eval $(docker run -it) method of setting environment variables. This is due to docker run -it not outputting on stderr causing all output to be captured by eval. To work around this oktashell -p <profile> has been added which will write the credentials to the specified profile in ~/.aws/credentials. You need to bind mount your .aws directory from the host to /root/.aws/ for this to work.

oktashell

Configuration

oktashell requires a configuration file at ~/.aws/oktashell.yml containing information about your Okta apps:

---
myapp:
  application_id: asdfasdfasdfasdfasdf
  application_type: amazon_aws
  okta_url: myorg.okta.com
myapp_test:
  application_id: fdsafdsafdsafdsafdsa
  application_type: amazon_aws
  okta_url: myorg.oktapreview.com

Usage

usage: oktashell [-h] [-r] [-u USER] [-a APP] [-d DURATION] [-m MFA] [-o ROLE]
                 [-p PROFILE]

optional arguments:
  -h, --help                        show this help message and exit
  -r, --reauth                      Refresh the creds for the current user.
  -u USER, --user USER              User to log in as; will prompt if not supplied
  -a APP, --app APP                 App name to log into; will prompt if not supplied
  -d DURATION, --duration DURATION  Token expiry time in seconds; default 3600 (1 hour)
  -m MFA, --mfa MFA                 MFA token type to prefer; eg. totp or push
  -o ROLE, --role ROLE              Role ARN to assume automatically
  -p PROFILE, --profile PROFILE     Profile to write credentials to in ~/.aws/credentials

How to use

This image is available at dockerhub: https://hub.docker.com/r/cmdlabs/okta-utils

Shell functions allow you mix hardcoded and dynamic parameters. If you would like to take additional parameters specified on the command line add $@ to the end of a function command.

Hardcoded Parameters

function oktashell() {
  docker run --rm -it -v ~/.aws:/root/.aws --entrypoint=oktashell cmdlabs/okta-utils:latest -u <username> -a <application> -m <mfa_method> -o <role_arn> -p <profile> -d 28800
}

Dynamic Parameters

function oktashell() {
  docker run --rm -it -v ~/.aws:/root/.aws --entrypoint=oktashell cmdlabs/okta-utils:latest $@
}

About

Utility container for SAML authentication to AWS via Okta

Topics

docker cli aws authentication okta

Resources

Readme
Activity
Custom properties

Stars

3 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases 1

3.0.0 Latest
Sep 19, 2019

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages