You can automate getting the AWS Access Key ID and AWS Secret Access Key (which are your account credentials) by using PingFederate to authenticate against the user store (such as ActiveDirectory), get a SAML assertion to federate into AWS, and then exchange the SAML assertion for an access token to make CLI commands to AWS.


PingFederate 9.2

Before you begin

Make sure of the following:

  • PingFederate 9.2 is installed and running.
  • You have a functioning AWS SP SAML connection in PingFederate. To accomplish this, install the AWS Connector and the AWS CLI tool. For documentation on the AWS Command Line Interface (CLI), see the Amazon CLI User Guide.

    The CLI tool is installed on your hard drive (usually in a hidden folder) and includes two files: config and credentials. The credentials file is where the ID and Key are stored and look similar to this:

    aws_access_key_id = ARIAIY4DSCACQLFZSULQ
    aws_secret_access_key = /zf8dHb2FDJQ0IPxQZeoOLftZ5gif0ve6f8gibtu