I have a use case where I want to assign role to users in AWS Console but also provide access key and secret key with configurable timeout on AWS CLI for users to leverage the CLI can that be possible with Duo?
My hope was that I can modify and use the python script “samlapi_formauth.py” provided by AWS in order to login thru our AWS DAG SAML provider.
The major problem with AWS CLI is that DAG is protected against cross-site scripting by using javascript and signed iframe requests which is difficult to accomplish in python.
This is Frustrating! Facing the same issue. I’m not getting help from AWS and from the DUO side as well. With so many clients and implementations, none wanted to authenticate AWS CLI via DUO? The SAML that I am passing to https://signin.aws.amazon.com/saml is correct per AWS documentation, yet not able to log in. Not sure where the issue is. And do not have any logs or support to fix this issue.
The Duo SAML integrations for AWS do not support CLI access today; they require display of the Duo prompt in the browser for authentication. The AWS Directory Service configuration does (adding Duo via RADIUS to AWS directory).
