Assuming Roles
The SAML.to CLI has a handful ways to assume AWS roles.
Last updated
The SAML.to CLI has a handful ways to assume AWS roles.
Last updated
First, .
To know which roles are available to assume, use the list-roles
subcommand.
To interactively prompt for a role to assume, use the following command:
Or, to assume a specific role, first , and provide the Role Name:
Protip: You can use substring matching for role names.
If the Role ARN outputted from list-roles
is arn:aws:iam::123456789012:role/administrator
, then you can shorten it with any unique substring of that Role ARN.
For example:
saml-to assume arn:aws:iam::123456789012:role/administrator
May be shortened to:
saml-to assume administrator
If you add the --headless
flag to a saml-to assume
command, the appropriate environment variables will be added to the terminal environment:
Then, you may run AWS CLI commands, or run any process that uses the Environment Variables, such as the AWS SDK:
Go to and AWS roles can be assumed by clicking on the desired "Assume" button for a listed role.