-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Overwrite the aws config instead of appending #17
Closed
Closed
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit
Hold shift + click to select a range
3c9e28f
Overwrite the aws config instead of appending
rdinardi-bw 3a30af6
provide an optional aws_profile option to the action
rdinardi-bw 3fe0ab8
telling the github env where the aws configuration is and setting the…
rdinardi-bw e9cf5cf
reverting back to overwriting the config and updating the readme
rdinardi-bw File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,7 +4,9 @@ Obtain temporary AWS Creds from your Okta Profile. | |
|
||
## Usage | ||
|
||
Here's an example. All options are required except `okta_mfa_method` which default to TOTP based notification. | ||
Here's an example. All options are required except: | ||
- `aws_profile` defaults to 'default' | ||
- `okta_mfa_method` which default to TOTP based notification. | ||
|
||
```yaml | ||
- name: Create AWS profile | ||
|
@@ -27,6 +29,35 @@ AWS_SESSION_TOKEN: *** | |
|
||
It also masks the actual values in the logs for added security. | ||
|
||
|
||
You can create multiple profiles by using this action multiple times and specifying `aws_profile` for each like such: | ||
```yaml | ||
- name: Create First AWS profile | ||
uses: mrchief/aws-creds-okta@master | ||
with: | ||
aws_profile: first-profile | ||
aws_role_arn: arn:aws:iam::account-id:role/role-name | ||
okta_username: [email protected] | ||
okta_password: ${{ secrets.OKTA_PASSWORD }} | ||
okta_app_url: https://mycompany.okta.com/home/amazon_aws/1234567890abcdefghij/123 | ||
okta_mfa_seed: ${{ secrets.OKTA_MFA_SEED }} | ||
|
||
- name: Create Second AWS profile | ||
uses: mrchief/aws-creds-okta@master | ||
with: | ||
aws_profile: second-profile | ||
aws_role_arn: arn:aws:iam::account-id:role/role-name | ||
okta_username: [email protected] | ||
okta_password: ${{ secrets.OKTA_PASSWORD }} | ||
okta_app_url: https://mycompany.okta.com/home/amazon_aws/1234567890abcdefghij/123 | ||
okta_mfa_seed: ${{ secrets.OKTA_MFA_SEED }} | ||
|
||
- name: Run AWS Commands as Different Profiles | ||
run: | | ||
aws sts get-caller-identity --profile first-profile | ||
aws sts get-caller-identity --profile second-profile | ||
``` | ||
|
||
### 💡 Note | ||
|
||
- Currently only supports `totp` authentication. There are plans to add support for other MFA methods. PRs welcome. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we may have to do something like
but if you have tested it to be working fine, then we're good.