Assuming Roles
The SAML.to CLI has a handful of ways to assume AWS roles.
With the CLI
First, install the saml-to CLI.
Listing Roles
To know which roles are available to assume, use the list-roles subcommand.
saml-to list-roles
Assuming Roles
Using the Terminal to open a Browser Window
To interactively prompt for a role to assume, use the following command:
saml-to assume
Or, to assume a specific role, first List Roles, and provide the Role Name:
saml-to assume arn:aws:iam::123456789012:role/administrator
Protip: You can use substring matching for role names.
If the Role ARN output by list-roles is arn:aws:iam::123456789012:role/administrator, then you can shorten it to any unique substring of that Role ARN.
For example:
saml-to assume arn:aws:iam::123456789012:role/administrator
May be shortened to:
saml-to assume administrator
Using Environment Variables
If you add the --headless flag to a saml-to assume command, the appropriate environment variables will be added to the terminal environment:
$(saml-to assume administrator --headless)
Then, you may run AWS CLI commands, or run any process that uses the Environment Variables, such as the AWS SDK:
aws sts get-caller-identity
In the Browser
Go to SAML.to Apps. AWS roles can be assumed by clicking the "Assume" button for the desired role in the list.
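For the headless flow under Using Environment Variables, a script can confirm that the credentials now in the environment belong to the intended role before it runs anything else, which matters when the role was chosen by substring. This is an added example, not part of the SAML.to documentation: the function names are hypothetical, and it assumes the Arn returned by aws sts get-caller-identity has the form arn:aws:sts::ACCOUNT:assumed-role/ROLE/SESSION.

```shell
#!/bin/sh
# Added example: verify the assumed identity against the full Role ARN.
# Usage (after assuming the role, as shown on this page):
#   $(saml-to assume administrator --headless)
#   verify_assumed_role arn:aws:iam::123456789012:role/administrator || exit 1

# iam_role_parts ROLE_ARN -> prints "ACCOUNT ROLE"; returns 1 if malformed.
iam_role_parts() {
  case "$1" in
    arn:aws:iam::*:role/*) ;;
    *) return 1 ;;
  esac
  rest=${1#arn:aws:iam::}
  account=${rest%%:*}
  role=${rest##*/}   # last component: the STS ARN omits any role path
  case "$account" in ''|*[!0-9]*) return 1 ;; esac
  [ -n "$role" ] || return 1
  printf '%s %s\n' "$account" "$role"
}

# caller_matches_role CALLER_ARN ROLE_ARN
# Returns 0 only when CALLER_ARN is a session of exactly ROLE_ARN's account
# and role name; 1 on mismatch; 2 when ROLE_ARN is not an IAM role ARN.
caller_matches_role() {
  parts=$(iam_role_parts "$2") || return 2
  account=${parts% *}
  role=${parts#* }
  case "$1" in
    "arn:aws:sts::${account}:assumed-role/${role}/"?*) return 0 ;;
    *) return 1 ;;
  esac
}

# verify_assumed_role ROLE_ARN: asks STS who the current credentials are
# and fails unless they belong to ROLE_ARN.
verify_assumed_role() {
  caller=$(aws sts get-caller-identity --query Arn --output text) || return 3
  caller_matches_role "$caller" "$1" || {
    echo "credentials are for $caller, expected $1" >&2
    return 1
  }
}
```

Pass the full Role ARN from list-roles to verify_assumed_role, not the shortened substring, so the check is independent of how the CLI resolved the name.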