Linux command

aws-google-auth command

After copying, replace file names, directories, or parameters as needed.

Common examples

Authenticate and get AWS credentials

aws-google-auth

Authenticate with a specific profile

aws-google-auth -p [profile-name]

Authenticate with explicit Google IDP and SP IDs

aws-google-auth -I [google-idp-id] -S [google-sp-id] -u [user@domain.com]

Authenticate and assume a specific role

aws-google-auth -R [arn:aws:iam::account:role/role-name]

Set credential duration

aws-google-auth -d [3600]

Authenticate using environment variables

GOOGLE_USERNAME=[user@domain.com] GOOGLE_IDP_ID=[abc123] GOOGLE_SP_ID=[xyz789] aws-google-auth

Description

aws-google-auth is a command-line tool that acquires AWS temporary (STS) credentials using Google Workspace (formerly G Suite) as a federated SAML identity provider. It enables single sign-on (SSO) from Google accounts to AWS. The tool authenticates against Google, retrieves a SAML assertion, and exchanges it for AWS temporary credentials stored in the AWS credentials file. It supports MFA including TOTP and U2F security keys.

Parameters

-u, --username
Google account email address
-I, --idp-id
Google Identity Provider ID
-S, --sp-id
Google Service Provider ID for AWS
-R, --role-arn
AWS IAM role ARN to assume
-d, --duration
Credential duration in seconds (default: 3600)
-p, --profile
AWS profile name to store credentials
-a, --ask-role
Prompt for role selection even if only one available
--no-cache
Disable caching of IDP and SP IDs
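
The role-selection step behind -R and -a, as an added example (not aws-google-auth's own code): the SAML assertion returned by Google carries one `https://aws.amazon.com/SAML/Attributes/Role` value per permitted role, each pairing a role ARN with a SAML provider ARN. The assertion, account ID and role names below are constructed, and `roles_in_assertion` and `select_role` are hypothetical helper names.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"

# Constructed sample: a minimal, unsigned assertion fragment with two roles.
SAMPLE_XML = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
      <saml:AttributeValue>arn:aws:iam::111122223333:role/ReadOnly,arn:aws:iam::111122223333:saml-provider/Google</saml:AttributeValue>
      <saml:AttributeValue>arn:aws:iam::111122223333:saml-provider/Google,arn:aws:iam::111122223333:role/Admin</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def roles_in_assertion(assertion_b64):
    """Return {role_arn: provider_arn} for every role the assertion grants."""
    # For XML from an untrusted source, parse with defusedxml instead.
    root = ET.fromstring(base64.b64decode(assertion_b64))
    roles = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") != ROLE_ATTR:
            continue
        for value in attr.iterfind("saml:AttributeValue", NS):
            parts = [p.strip() for p in (value.text or "").split(",")]
            # Do not rely on the order of the pair; classify by resource type.
            role = next((p for p in parts if ":role/" in p), None)
            provider = next((p for p in parts if ":saml-provider/" in p), None)
            if role and provider:
                roles[role] = provider
    return roles


def select_role(assertion_b64, requested_arn):
    """Fail closed when the requested role is not offered by the IdP."""
    roles = roles_in_assertion(assertion_b64)
    if requested_arn not in roles:
        raise PermissionError(f"{requested_arn} is not in the assertion")
    return requested_arn, roles[requested_arn]


if __name__ == "__main__":
    for role, provider in roles_in_assertion(SAMPLE_B64).items():
        print(role, "via", provider)
```

Listing the roles an assertion grants is also a quick audit of what a Google account can reach in AWS before any credentials are issued.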

FAQ

How do I run a basic aws-google-auth example?

Run `aws-google-auth` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
