Comments (4)
Cross-account roles have been working on master since the merge December 5th, 2017.
If you only have one role assigned, this tool will pick that role with no prompts.
Troubleshooting steps:
- Have you assigned multiple roles to yourself in the Okta admin portal?
  - If you can, do that.
  - If you have, let me know. That sounds like a bug.
  - If you can't, you need to revisit the setup instructions from your Amazon Web Services app's Sign On tab.
To get cross-account roles working in the Okta web portal, I had to start from scratch and follow the Connect Okta to Multiple AWS Instances section here to get it working myself:
http://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Amazon-Web-Service.html#scenarioB
The sharp edges to watch out for:
- Case-sensitivity:
  - Every AWS account must have an IAM Role with the case-sensitive exact name Okta-Idp-cross-account-role
  - The identity provider in every AWS account must have the case-sensitive exact same name
- Required Symmetry:
  - Every IAM Role you want to assume must be allowed to be assumed by the commonly named identity provider within its own account (ARN differs by account number)
- AWS CLI session-role behaviour:
  - Every IAM Role you want to assume must also be allowed to assume itself (AWS CLI won't be able to use the roles otherwise)
  - This isn't in the app setup instructions, but it is noted in the README on this project
from okta-aws-cli-assume-role.
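The two trust-policy requirements in the comment above (the role must trust the account's SAML identity provider with an exactly matching name, and the role must be allowed to assume itself) are easy to get wrong by a single character of case. The checker below is an added example written by the editor; it is not code from okta-aws-cli-assume-role or from the commenter. It takes a role's trust policy document (the `AssumeRolePolicyDocument` of an IAM role) and reports whether both statements are present, flagging an identity-provider ARN that differs only by case. The account id `123456789012` and the identity-provider name `Okta` are constructed sample values; the comment only requires the provider name to be identical in every account, not any particular value. The `SAML:aud` check reflects the `StringEquals` condition AWS's own SAML trust-policy template includes and is reported as a warning, not as a requirement stated in the comment.

```python
"""Check an IAM role trust policy for the two cross-account requirements:
(1) the role trusts the account's SAML identity provider by exact name, and
(2) the role is allowed to assume itself (needed by the AWS CLI session-role flow).

Editor's example; not part of the okta-aws-cli-assume-role project.
"""
import json

ACCOUNT = "123456789012"                  # constructed sample account id
ROLE_NAME = "Okta-Idp-cross-account-role"  # exact role name the comment requires
IDP_NAME = "Okta"                          # constructed sample; must match across accounts
# Audience pinned by the StringEquals condition in AWS's SAML trust-policy template.
AWS_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"


def _as_list(value):
    """IAM allows Statement/Action/Principal fields as a string, a dict or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_trust_policy(policy, account_id, role_name, idp_name):
    """Evaluate one role's trust policy; returns booleans plus a list of problems."""
    idp_arn = f"arn:aws:iam::{account_id}:saml-provider/{idp_name}"
    role_arn = f"arn:aws:iam::{account_id}:role/{role_name}"
    result = {"saml_trust": False, "self_assume": False, "problems": []}

    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            continue  # a bare "*" principal is not the pattern the comment describes
        actions = _as_list(stmt.get("Action"))
        federated = _as_list(principal.get("Federated"))
        aws_principals = _as_list(principal.get("AWS"))

        if "sts:AssumeRoleWithSAML" in actions:
            if idp_arn in federated:            # exact, case-sensitive match
                result["saml_trust"] = True
            else:
                # The classic failure: right provider name, wrong case.
                for f in federated:
                    if f.lower() == idp_arn.lower():
                        result["problems"].append(
                            f"federated principal differs from {idp_arn} only by case: {f}")
            aud = stmt.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
            if aud != AWS_SAML_AUDIENCE:
                result["problems"].append("SAML statement lacks StringEquals SAML:aud condition")

        if "sts:AssumeRole" in actions and role_arn in aws_principals:
            result["self_assume"] = True

    if not result["saml_trust"]:
        result["problems"].append(f"role is not assumable via SAML from {idp_arn}")
    if not result["self_assume"]:
        result["problems"].append(f"role cannot assume itself ({role_arn}); the CLI needs this")
    result["ok"] = result["saml_trust"] and result["self_assume"]
    return result


def check_trust_policy_json(policy_json, account_id, role_name, idp_name):
    """Same check for a policy document supplied as a JSON string."""
    return check_trust_policy(json.loads(policy_json), account_id, role_name, idp_name)


# Constructed sample: both required statements present.
GOOD_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{ACCOUNT}:saml-provider/{IDP_NAME}"},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {"SAML:aud": AWS_SAML_AUDIENCE}},
        },
        {
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:role/{ROLE_NAME}"},
            "Action": "sts:AssumeRole",
        },
    ],
}

# Constructed sample: provider name in the wrong case, and no self-assume statement.
BAD_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::{ACCOUNT}:saml-provider/okta"},
        "Action": ["sts:AssumeRoleWithSAML"],
        "Condition": {"StringEquals": {"SAML:aud": AWS_SAML_AUDIENCE}},
    },
}

if __name__ == "__main__":
    for label, policy in (("good", GOOD_TRUST_POLICY), ("bad", BAD_TRUST_POLICY)):
        print(label, json.dumps(check_trust_policy(policy, ACCOUNT, ROLE_NAME, IDP_NAME), indent=2))
```

Run it against each account's role (one trust policy per account, with that account's number in both ARNs) before retrying the CLI; a report with `ok: false` points at the exact statement to fix.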
@mraible this issue can be closed.
Hi @AlainODea,
Sorry for the delay. We have a role that has only one permission: assume roles in different accounts. In the previous version of this tool, after the main role is assumed, the policies would be queried to check if it's linked to different accounts, and then it would present a choice of roles to assume from the list of available ones. This workflow no longer works.
@liquid-sky what you describe is not a supported way of using the Amazon Web Services Okta app. The old way was complex and could not be scaled or generalized. That’s why Okta changed it. It’s also why I rewrote this tool to follow the new way. This issue is closed and will not be fixed.
Follow this guide for a supported integration with multiple AWS accounts: Connect Okta to Multiple AWS Instances:
http://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Amazon-Web-Service.html#scenarioB