In an Interactive Terminal (e.g. Developer Laptop)
Add the --headless flag to the saml-to assume command in a subshell $(...):
$(saml-to assume the-role-name --headless)
aws sts get-caller-identity # (optional, shows the identity that is now assumed)
aws ec2 describe-instances # (or whatever AWS CLI command desired)
In GitHub Actions
In the Workflow YAML, provide the Repository Secret (automatically generated using ${{ secrets.GITHUB_TOKEN }}) and the
steps:
  - uses: saml-to/assume-aws-role-action@v1
    with:
      role: arn:aws:iam::123456789012:role/admin
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  - run: aws sts get-caller-identity # (optional, shows the identity that is now assumed)
  - run: aws ec2 describe-instances # (or whatever AWS CLI command desired)
In an Interactive Terminal (e.g. Developer Laptop)
Add the --save flag to the saml-to assume command:
saml-to assume the-role-name --save
aws sts get-caller-identity --profile the-role-name
aws ec2 describe-instances --profile the-role-name
In GitHub Actions
Add the profile: option to the
steps:
  - uses: saml-to/assume-aws-role-action@v1
    with:
      role: arn:aws:iam::123456789012:role/admin
      profile: the-profile-name
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  - run: aws sts get-caller-identity # (optional, shows the identity that is now assumed)
  - run: aws ec2 describe-instances # (or whatever AWS CLI command desired)
Named Profiles are useful if you need to access multiple AWS accounts or Roles in the same session.
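
The optional aws sts get-caller-identity step above can be turned into a hard check, so a script or workflow stops when the active credentials are not a session of the role it asked for. The following is an added example, not part of saml-to; the function names expected_prefix, identity_matches and require_role are hypothetical.

```shell
#!/bin/sh
# Added example (not saml-to code): fail closed unless the caller identity
# is a session of the requested role.

# expected_prefix ROLE_ARN
# Prints "arn:<partition>:sts::<account>:assumed-role/<role-name>/".
# An IAM role path (role/team/ops/admin) is not part of an assumed-role ARN,
# so only the last path component is kept.
expected_prefix() {
  role_arn=$1
  case $role_arn in
    arn:*:iam::*:role/*) ;;
    *) return 1 ;;
  esac
  partition=$(printf '%s' "$role_arn" | cut -d: -f2)
  account=$(printf '%s' "$role_arn" | cut -d: -f5)
  name=${role_arn##*/}
  case $account in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ -n "$name" ] || return 1
  printf 'arn:%s:sts::%s:assumed-role/%s/' "$partition" "$account" "$name"
}

# identity_matches ROLE_ARN CALLER_ARN
# Succeeds only if CALLER_ARN is "<expected prefix><non-empty session name>".
identity_matches() {
  prefix=$(expected_prefix "$1") || return 1
  case $2 in
    "$prefix"?*) return 0 ;;
    *) return 1 ;;
  esac
}

# require_role ROLE_ARN [extra aws args, e.g. --profile the-role-name]
# Asks AWS who the current credentials belong to and compares.
require_role() {
  role=$1; shift
  caller=$(aws sts get-caller-identity --query Arn --output text "$@") || return 1
  identity_matches "$role" "$caller" && return 0
  echo "unexpected identity: $caller (wanted a session of $role)" >&2
  return 1
}
```

With a named profile, pass the profile through: require_role arn:aws:iam::123456789012:role/admin --profile the-role-name.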