首页 > 开发者工具 > SAML to AWS STS Keys Conversion-SAML到AWS STS密钥转换-Chrome扩展插件

SAML to AWS STS Keys Conversion-SAML到AWS STS密钥转换-Chrome扩展插件

使用SSO(SAML 2.0)登录AWS webconsole后,使用AWS STS密钥生成文件。它利用'assumeRoleWithSAML'API。
Generates file with AWS STS Keys after logging in to AWS webconsole using SSO (SAML 2.0). It leverages 'assumeRoleWithSAML' API.


SAML to AWS STS Keys Conversion-SAML到AWS STS密钥转换-Chrome扩展插件基本信息

扩展名称:SAML to AWS STS Keys Conversion-SAML到AWS STS密钥转换-Chrome扩展插件
扩展版本:2.7    大小:264K
更新日期:2019-02-08
插件作者:prolane.org
插件语言:English
官方站点:https://github.com/prolane/samltoawsstskeys
插件ID:ekniobabpcnfjgfbphhcolcinmnbehde
用户数量:2471    评分:4.6(共5分)

SAML to AWS STS Keys Conversion Chrome插件图片预览

SAML to AWS STS Keys Conversion-SAML到AWS STS密钥转换-Chrome扩展插件图片1

SAML to AWS STS Keys Conversion-SAML到AWS STS密钥转换-Chrome扩展插件介绍

Google Chrome扩展程序可将SAML 2.0断言转换为AWS STS密钥(临时凭证 - > AccessKeyId,SecretAccessKey和SessionToken)。

###为何选择此Chrome扩展程序?###
如果您在AWS身份和访问管理(IAM)中没有任何用户管理设置,而是依赖于您的企业用户目录,即Microsoft Active Directory。您的公司使用SAML 2.0身份提供程序(IDP)登录AWS Web管理控制台(单点登录)。然后是Chrome Estension,如果适合你的话!

一旦你想从你的计算机执行调用AWS API的一些花哨的脚本,你就会遇到麻烦。向AWS API发送请求时,您需要凭据,即AccessKey和SecretKey。您可以在AWS IAM中为每个用户轻松生成这些密钥。但是,由于您在AWS IAM中没有任何用户,并且不想仅为了拥有AccessKey和SecretKey而创建用户,因此您会被搞砸。但是有一种方法可以专门为您的企业标识获取临时凭证。

AWS的安全令牌服务(STS)提供了一个API动作assumeRoleWithSAML。使用您的IDP提供的SAML断言,Chrome扩展程序会调用此API操作来获取临时凭据。(AccessKeyId,SecretAccessKey和SessionToken)。这样就不需要在用于执行脚本的AWS IAM中创建某种匿名用户。这将是一场真正的安全噩梦,因为无法审核谁做了什么。
Google Chrome Extension which converts a SAML 2.0 assertion to AWS STS Keys (temporary credentials -u003e AccessKeyId, SecretAccessKey and SessionToken).

### Why this Chrome Extension? ###
If you don't have any user administration setup within AWS Identity & Access Management (IAM) but instead rely on your corporate user directory, i.e. Microsoft Active Directory. Your company uses a SAML 2.0 Identity Provider (IDP) to log in to the AWS Web Management Console (Single Sign On). Then this Chrome Estension if for you!

You run into trouble as soon as you would like to execute some fancy scripts from your computer which calls the AWS API's. When sending a request to the AWS API's you need credentials, meaning an AccessKey and SecretKey. You can easily generate these keys for each user in AWS IAM. However, since you don't have any users in AWS IAM and don't want to create users just for the sake of having an AccessKey and SecretKey you are screwed. But there is a way to get temporary credentials specifically for your corporate identity.

The Security Token Service (STS) from AWS provides an API action assumeRoleWithSAML. Using the SAML Assertion given by your IDP the Chrome Extension will call this API action to fetch temporary credentials. (AccessKeyId, SecretAccessKey and SessionToken). This way there is no need to create some sort of anonymous user in AWS IAM used for executing scripts. This would be a real security nightmare, since it won't be possible to audit who did what. This Chrome Extension however will make it super easy for you to just use your corporate identity for executing scripts calling AWS API's.
相关信息
热门
  1. 1Easy Auto Reloader
  2. 2批量搜索工具
  3. 3YouTube™双字幕
  4. 4SRT宏
  5. 5Twitter视频下载器
  6. 6批量链接下载器
  7. 7Flash视频下载器
  8. 8IG Helper: 下载 Instagram 图片和视频
  9. 9我的猫 - 可爱的猫和小猫壁纸
  10. 10HTML5视频播放器