You can automate getting the AWS Access Key ID and AWS Secret Access Key (which are your account credentials) by using PingFederate to authenticate against the user store (such as Active Directory), obtain a SAML assertion to federate into AWS, and then exchange the SAML assertion for an access token that lets you run AWS CLI commands.

Component

PingFederate 9.2

Before you begin

Make sure of the following:

  • PingFederate 9.2 is installed and running.
  • You have a functioning AWS SP SAML connection in PingFederate. To accomplish this, install the AWS Connector and the AWS CLI tool. For documentation on the AWS Command Line Interface (CLI), see the Amazon CLI User Guide.
    Note: The CLI tool is installed on your hard drive (usually in a hidden folder) and includes two files: config and credentials. The credentials file is where the ID and Key are stored, and it looks similar to this:

    aws_access_key_id = ARIAIY4DSCACQLFZSULQ
    aws_secret_access_key = /zf8dHb2FDJQ0IPxQZeoOLftZ5gif0ve6f8gibtu