AWS API Authentication Using Active Directory Assets

2015.09.26

Introduction

This is Fujimoto.

This is part of the series on making use of Active Directory assets. In two earlier posts I showed how to single sign-on to the Management Console using an on-premises Active Directory.

Part 1: AWS Management Console SSO Using Active Directory Assets
Part 2: AWS Management Console SSO Using Active Directory Assets (AD Connector edition)

When you use AWS, is GUI operation from the Management Console all you need? Of course not. You want to use the API as well.

So this time I will show how to authenticate users against Active Directory and then make API calls.

Overview

There are broadly two patterns for authenticating when issuing API calls to AWS.

  • AccessKeyId + SecretAccessKey
  • AccessKeyId + SecretAccessKey + SecurityToken

The former is a permanent key; the latter is a temporary one. This post uses the latter: by passing the SAML Response issued by AD FS to STS, you receive temporary credentials (AccessKeyId, SecretAccessKey, SecurityToken).

The flow is as follows.

  1. Client -> ADFS (user authentication request)
  2. ADFS -> AD (user authentication)
  3. AD -> ADFS (authentication result)
  4. ADFS -> Client (SAML Response)
  5. Client -> STS Endpoint (AssumeRole with the SAML Response)
  6. STS Endpoint -> Client (temporary security credentials)
  7. The client issues API calls!!

Environment

Client side: on-premises (my home)

  • AD
    OS: Windows Server 2012R2
    Middleware: Active Directory Domain Services, DNS server
    AD domain: fujimoto-home.local
    AD account used: sfujimoto (group: AWS-developer, e-mail address: [email protected])

  • ADFS
    OS: Windows Server 2012R2
    Middleware: Active Directory Federation Services

Trying it out

Setup

For the AD FS and AWS SAML authentication setup, refer to the earlier entry.

AWS Management Console SSO Using Active Directory Assets

Issuing a SAML Response

You can obtain a SAML Response by sending HTTP requests to AD FS. The value of the input tag is the SAML Response, Base64-encoded. It is handed to AWS as-is, so copy it.

# curl -ks -c cookies.txt -d 'Username=@&Password=&AuthMethod=FormsAuthentication' -X POST "https:///adfs/ls/idpinitiatedsignon/?loginToRp=urn:amazon:webservices"
# curl -ks -L -c cookies.txt -b cookies.txt -X GET "https:///adfs/ls/idpinitiatedsignon/?loginToRp=urn:amazon:webservices"

<form action="https://signin.aws.amazon.com:443/saml" method="POST" name="hiddenform"><input name="SAMLResponse" type="hidden" value="PHNhbWxwOlJlc3BvbnNlIElEPSJfNjQ3Y2QzZmUtMjE4OC00MWY3LTgyY2ItYTU3YmFiNmI5NTU5IiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAxNS0wOS0yNFQxNDoyODowOS43OTlaIiBEZXN0aW5hdGlvbj0iaHR0cHM6Ly9zaWduaW4uYXdzLmFtYXpvbi5jb20vc2FtbCIgQ29uc2VudD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNvbnNlbnQ6dW5zcGVjaWZpZWQiIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiPjxJc3N1ZXIgeG1sbnM9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHA6Ly9hZGZzLmZ1amltb3RvLWhvbWUubG9jYWwvYWRmcy9zZXJ2aWNlcy90cnVzdDwvSXNzdWVyPjxzYW1scDpTdGF0dXM+PHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIgLz48L3NhbWxwOlN0YXR1cz48QXNzZXJ0aW9uIElEPSJfNmJkMjNiMzQtMDcwNy00NjM4LWIxYjYtOGZkMmY4NGQ1NWIzIiBJc3N1ZUluc3RhbnQ9IjIwMTUtMDktMjRUMTQ6Mjg6MDkuNzk5WiIgVmVyc2lvbj0iMi4wIiB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+PElzc3Vlcj5odHRwOi8vYWRmcy5mdWppbW90by1ob21lLmxvY2FsL2FkZnMvc2VydmljZXMvdHJ1c3Q8L0lzc3Vlcj48ZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIgLz48ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIgLz48ZHM6UmVmZXJlbmNlIFVSST0iI182YmQyM2IzNC0wNzA3LTQ2MzgtYjFiNi04ZmQyZjg0ZDU1YjMiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIgLz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIiAvPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxkczpEaWdlc3RWYWx1ZT5rZmp5bk5QalpYR2hoODRlQkJRaDA2YVdESnBvN3BkakFJaXJONkU2N3M0PTwvZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5TZjQrbm01elZ2OEtNUG
FKdzlZM01oWDNyUldSRHBVa1RIWlRWNmwyMGRuaHpOWXJ0czNIeVM3S213Mmlod2RkWDExMklLRlRRTVovSHJaaExka0tOSW1aTlFDckpEdVk0TUdRd0V0L2tFM0taejZJUDR1U0xsS2JLb1VlNjMrNG9JSlFNdk1ucmUweDQva2h2clpGemZQMnIrSGRPaDdKQkFudGJPNmtaRWVLWmovSDZrQk1wNDJqM2hwQTRXMFVBdER0WWtBWXZRbDNudWlUNE92Wkk4UXNDYnJSWjNvZFMxa0dxQkxsV2FiWXVoQ0x0M01GMExkUTJlVHhBcDRPUmpUT2hrcGJiQTI2WC8vdlVPZnRLbHZRNEZTdzhNWmo4RGx2UXpqVlpvejBFd0NFNTcvVUZXUEw4dmpwQnFIdUcvRHpxVjVubXE0bXZKbkdJWXZrWHc9PTwvZHM6U2lnbmF0dXJlVmFsdWU+PEtleUluZm8geG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUM3RENDQWRTZ0F3SUJBZ0lRVnhDUWVGNXh6b0ZHTzBMbzc3OXNkakFOQmdrcWhraUc5dzBCQVFzRkFEQXlNVEF3TGdZRFZRUURFeWRCUkVaVElGTnBaMjVwYm1jZ0xTQmhaR1p6TG1aMWFtbHRiM1J2TFdodmJXVXViRzlqWVd3d0hoY05NVFV3T0RFNU1UVXhNak0xV2hjTk1UWXdPREU0TVRVeE1qTTFXakF5TVRBd0xnWURWUVFERXlkQlJFWlRJRk5wWjI1cGJtY2dMU0JoWkdaekxtWjFhbWx0YjNSdkxXaHZiV1V1Ykc5allXd3dnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDe000000000000000000000000000000000oRUNWTGY0K2RPWC9ZSVNtbTBNTURxbVhFNTFNZm1TQzI5aWN3Z2s4SFIxZDRKSFZHZk0zT1krRWhwRkVtUysyZFlvcDQyQXBHbHlnY1ZsNUZzUVRKWW9ZYmg2dXZEMmcwM1dSQUdFbS9wSHRzQWJoMDlwbisvZ0pxeWVWZUNNRzRoY2h3Kzd3WUR2TW1mOTkrZElPbVFlcHVuMTVTU1d1WjdiYTl5WnRQNzhmamhncFJDNERJVVFxQmpnVDlMbjZuM2Y0blpUMTNFcUdwcFYzaHdHZHpnb2NNVlZqTklXZFZGa2gxSkIzSlhKTEt6MFJZbHB5VEwzcDZVQ2RzY3VnQ2p1NjlURy9zR3h1SnBsVnVqMXQrb3owcmluWEdNOGNZdWhTdVkveEdMd0ZmOXczQnExaFF4MTdBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFDQWN4M0JabUFtQ3BFd29qVWJNbXZONXJkT3dWMEhQSXhQMVV1amdQNDZMV2tsLzdBbVV3aUFpK0xUZXNmVHE3UTViT0pkcEp6YkMydXN6UkNnODFiR0JaSmZSSU9mZnU2amZ1WEovT1A0Yllsc1B5VHV6TzR3TnhhcWlMTXFRRklWOGNiWXVCVUhFTldMVUhmTEdBdWowdzF5M2NUdUdzQ3FWNk1FdFkrMmlUWkNPRUZNcnc0V25VRlNPSDJ5SGpNOFdXZEhycFhQMytxWVk0bU9IaUt5MFJzQUZLelVSUlAxVk9FREpFWHkycE9xWkZ6QXAxUHg4ZGhFTW53VWczVExJOVVQbmR4ZlZzM0FmeEpZSXpjcTAyZlY0R05MQTlQby9hNmVzck5DbzJrTWJQZUFyVVdnVjVGL2g5SVZjVTV4c2lMWkVnSEpPcVFmdW9sZ2V5a2M9PC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L0tleUluZm8+PC9kczpTaWduYXR1cmU+PFN1Ymp
lY3Q+PE5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OnBlcnNpc3RlbnQiPkZVSklNT1RPLUhPTUVcc2Z1amltb3RvPC9OYW1lSUQ+PFN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDE1LTA5LTI0VDE0OjMzOjA5Ljc5OVoiIFJlY2lwaWVudD0iaHR0cHM6Ly9zaWd000000000000000000000000000lY3RDb25maXJtYXRpb24+PC9TdWJqZWN0PjxDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxNS0wOS0yNFQxNDoyODowOS43OTlaIiBOb3RPbk9yQWZ0ZXI9IjIwMTUtMDktMjRUMTU6Mjg6MDkuNzk5WiI+PEF1ZGllbmNlUmVzdHJpY3Rpb24+PEF1ZGllbmNlPnVybjphbWF6b246d2Vic2VydmljZXM8L0F1ZGllbmNlPjwvQXVkaWVuY2VSZXN0cmljdGlvbj48L0NvbmRpdGlvbnM+PEF0dHJpYnV0ZVN0YXRlbWVudD48QXR0cmlidXRlIE5hbWU9Imh0dHBzOi8vYXdzLmFtYXpvbi5jb20vU0FNTC9BdHRyaWJ1dGVzL1JvbGVTZXNzaW9uTmFtZAI+PEF0dHJpYnV0ZVZhbHVlPnNmdWppbW90b0BmdWppbW90by1ob21lLmxvY2FsPC9BdHRyaWJ1dGVWYWx1ZT48L0F0dHJpYnV0ZT48QXR0cmlidXRlIE5hbWU9Imh0dHBzOi8vYXdzLmFtYXpvbi5jb20vU0FNTC9BdHRyaWJ1dGVzL1JvbGUiPjxBdHRyaWJ1dGVWYWx1ZT5hcm46YXdzOmlh3To6MjkwNTM2NDg0NzcxOnNhbWwtcHJvdmlkZXIvZnVqaW1vdG8taG9tZSwgYXJuOmF3czppYW06OjI5MDUzNjQ4NDc3MTpyb2xlL0FERlMtZGV2ZWxvcGVyPC9BdHRyaWJ1dGVWYWx1ZT48L0F0dHJpYnV0ZT48L0F0dHJpYnV0ZVN0YXRlbWVudD43QXV0aG5TdGF0ZW1lbnQgQXV0aG5JbnN0YW50PSIyMDE1LTA5LTI0VDE0OjI3OjU4Ljc4M1oiIFNlc3Npb25JbmRleD0iXzZiZDIzYjM0LTA3MDctNDYzOC1iMWI2LThmZDJmODRkNTViMyI+PEF1dGhuQ29udGV4dD48QXV0aG1Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmRQcm90ZWN0ZWRUcmFuc3BvcnQ8L0F1dGhuQ29udGV4dENsYXNzUmVmPjwvQXV0aG5Db250ZXh0PjwvQXV0aG5TdGF0ZW1lbnQ+PC9Bc3NlcnRpb24+PC9zYW1scDpSZXNwb25zZT4=" /><noscript>

スクリプトが無効です。続けるには、[送信] をクリックしてください。

<input type="submit" value="Submit" /></noscript>

</form><script language="javascript">window.setTimeout('document.forms[0].submit()', 0);</script>

Of course, since it is base64, it can be decoded.

# echo "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" |base64 -D
http:///adfs/services/trusthttp:///adfs/services/trustkfjynNPjZXGhh84eBBQh06aWDJpo7pdjAIirN6E67s4=Sf4+nm5zVv8KMPaJw9Y3MhX3rRWRDpUkTHZTV6l20dnhzNYrts3HyS7Kmw2ihwddX112IdFTQMZ/HrZhLdkKNImZNQCrJDuY4MGQwEt/kE3KZz6IP4uSLlKbKoUe63+4oIJQMvMnre0x4/khvrZFzfP2r+HdOh7JBAntbO6kZEeKZj/H6kBMp42j3hpA4W0UAtDtYkAsvQl3nuiT4OvZI8QsCbrRZ3odS1kGqBLlWabYuhCLt3MF0LdQ2eTxAp4ORjTOhkpbbA26X//vUOftKlvQ4FSw8MZj8DlvQzjVZoz0EwCE57/UFWPL8vjpBqHuG/DzqV5nmq4mvJnGIYvkXw==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FUJIMOTO-HOME\sfujimotourn:amazon:[email protected]:aws:iam::000000000000:saml-provider/fujimoto-home, arn:aws:iam::000000000000:role/ADFS-developerurn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

As shown, the SAML Response contains the Assertion ID and the results of the Claim Rules.

Issuing temporary credentials

Use the AWS STS API AssumeRoleWithSAML to issue temporary credentials. Pass the RoleARN, SAMLProviderARN and SAML Response as options.

# aws sts assume-role-with-saml --role-arn arn:aws:iam::000000000000:role/ADFS-developer --principal-arn arn:aws:iam::000000000000:saml-provider/fujimoto-home --saml-assertion "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"
{
"Audience": "https://signin.aws.amazon.com/saml",
"NameQualifier": "j8KnghRbguhf/c+FfoMsluk8ke0=",
"AssumedRoleUser": {
"Arn": "arn:aws:sts::00000000:assumed-role/ADFS-developer/[email protected]",
"AssumedRoleId": "AROAJ55S34ROZ6QCWKYFS:[email protected]"
},
"Subject": "FUJIMOTO-HOME\\sfujimoto",
"Credentials": {
"Expiration": "2015-09-24T15:44:35Z",
"SessionToken": "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",
"AccessKeyId": "ASIAJI2V66WANRTD5BFQ",
"SecretAccessKey": "/VbW13iSqWgfQowWHffGAKrt7a17oT9hUVi24cyd"
},
"SubjectType": "persistent",
"Issuer": "http:///adfs/services/trust"
}

The response contains the AccessKeyId, SecretAccessKey and SessionToken. Let's use them as credentials and issue an AWS API call. We'll list the S3 buckets.

# export AWS_ACCESS_KEY_ID=ASIAJI2V66WANRTD5BFQ
# export AWS_SECRET_ACCESS_KEY=/VbW13iSqWgfQowWHffGAKrt7a17oT9hUVi24cyd
# export AWS_SESSION_TOKEN=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
# export AWS_DEFAULT_REGION="ap-northeast-1"
# aws s3 ls
2015-08-28 16:45:51 cf-templates-1powceaee2ee2-ap-northeast-1

We were able to list bucket information, so obtaining temporary credentials succeeded.

Scripting it

I have published a Python script that performs this authentication as a gist.

Running it looks like this.
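Steps 4 to 6 of the flow in code, as an added example that is neither the author's gist script nor AWS library code: it extracts the SAMLResponse from the AD FS form page, decodes the assertion to read the Role and RoleSessionName claims and the Conditions validity window, and hands the assertion to AssumeRoleWithSAML the same way the `aws sts assume-role-with-saml` command above does. The assertion, domain, account id, role names and timestamps are constructed placeholders; `sts_client` is assumed to be a boto3 STS client (the block does not import boto3, so it runs offline against the constructed form).

```python
# Added example, not the author's gist script: steps 4 to 6 of the flow.
# Pull the SAMLResponse out of the AD FS form page, decode the assertion to get the
# Role / RoleSessionName claims and validity window, then call AssumeRoleWithSAML.
# Every sample value below (domain, account id, role names, times) is constructed.
import base64
import datetime as dt
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
SESSION_ATTR = "https://aws.amazon.com/SAML/Attributes/RoleSessionName"
AWS_AUDIENCE = "urn:amazon:webservices"

# Constructed, unsigned assertion in the shape AD FS emits for AWS (Signature and
# X509 data omitted: STS verifies those, this client only reads the claims).
SAMPLE_ASSERTION = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<Assertion xmlns="{SAML_NS}" ID="_constructed-example">
<Conditions NotBefore="2015-09-24T14:28:09.799Z" NotOnOrAfter="2015-09-24T15:28:09.799Z">
<AudienceRestriction><Audience>{AWS_AUDIENCE}</Audience></AudienceRestriction></Conditions>
<AttributeStatement>
<Attribute Name="{SESSION_ATTR}"><AttributeValue>user@example.local</AttributeValue></Attribute>
<Attribute Name="{ROLE_ATTR}">
<AttributeValue>arn:aws:iam::123456789012:saml-provider/example-adfs,arn:aws:iam::123456789012:role/ADFS-developer</AttributeValue>
<AttributeValue>arn:aws:iam::123456789012:role/ADFS-readonly,arn:aws:iam::123456789012:saml-provider/example-adfs</AttributeValue>
</Attribute></AttributeStatement></Assertion></samlp:Response>"""
# Constructed stand-in for the hidden form the second curl in the post returns.
SAMPLE_FORM = ('<form action="https://signin.aws.amazon.com:443/saml" method="POST" name="hiddenform">'
               '<input name="SAMLResponse" type="hidden" value="'
               + base64.b64encode(SAMPLE_ASSERTION.encode()).decode() + '" /></form>')


class _SamlInputFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.value = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name") == "SAMLResponse":
            self.value = a.get("value")


def extract_saml_response(html: str) -> str:
    p = _SamlInputFinder()
    p.feed(html)
    if not p.value:  # on bad credentials AD FS re-renders the login form instead
        raise ValueError("no SAMLResponse in AD FS page (authentication failed?)")
    return p.value


def parse_assertion(saml_response_b64: str) -> dict:
    """Decode the Base64 SAMLResponse and collect what the STS call needs."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    ns = {"s": SAML_NS}
    def ts(v): return dt.datetime.fromisoformat(v.replace("Z", "+00:00"))
    roles = []
    for value in root.findall(f".//s:Attribute[@Name='{ROLE_ATTR}']/s:AttributeValue", ns):
        parts = [p.strip() for p in (value.text or "").split(",")]
        # AWS accepts "provider,role" or "role,provider"; normalise to (provider, role)
        roles.append((next(p for p in parts if ":saml-provider/" in p),
                      next(p for p in parts if ":role/" in p)))
    name = root.find(f".//s:Attribute[@Name='{SESSION_ATTR}']/s:AttributeValue", ns)
    cond = root.find(".//s:Conditions", ns)
    return {"roles": roles,
            "session_name": None if name is None else name.text,
            "audiences": [a.text for a in root.findall(".//s:Audience", ns)],
            "not_before": ts(cond.get("NotBefore")),
            "not_on_or_after": ts(cond.get("NotOnOrAfter"))}


def assertion_is_valid(parsed: dict, now=None) -> bool:
    """Local pre-check of audience and Conditions window (STS enforces both too)."""
    now = now or dt.datetime.now(dt.timezone.utc)
    return (AWS_AUDIENCE in parsed["audiences"]
            and parsed["not_before"] <= now < parsed["not_on_or_after"])


def assume_role(sts_client, saml_response_b64: str, role_arn=None, now=None) -> dict:
    """sts_client: boto3.client("sts") (no AWS credentials needed, the assertion is
    the credential) or any object exposing assume_role_with_saml(**kwargs)."""
    parsed = parse_assertion(saml_response_b64)
    if not assertion_is_valid(parsed, now):
        raise ValueError("assertion expired or not issued for " + AWS_AUDIENCE)
    matches = [(p, r) for p, r in parsed["roles"] if role_arn in (None, r)]
    if len(matches) != 1:
        raise ValueError("choose one of: " + ", ".join(r for _, r in parsed["roles"]))
    provider, role = matches[0]
    return sts_client.assume_role_with_saml(RoleArn=role, PrincipalArn=provider,
                                            SAMLAssertion=saml_response_b64)


def export_lines(sts_response: dict) -> list:
    """Shell lines in the form the post's script prints."""
    c = sts_response["Credentials"]
    return [f"export AWS_ACCESS_KEY_ID={c['AccessKeyId']}",
            f"export AWS_SECRET_ACCESS_KEY={c['SecretAccessKey']}",
            f"export AWS_SESSION_TOKEN={c['SessionToken']}"]
```

The Role attribute is where the `--role-arn` and `--principal-arn` values of the CLI call come from, so a client never has to hard-code them; when AD FS claim rules map the user to several roles, the script has to let the user pick one. The local NotOnOrAfter and audience checks only give an early, readable failure: the signature on the assertion is verified by STS against the certificate registered on the IAM SAML provider, which is what makes the assertion trustworthy as a credential.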

# ./assume_role_for_adfs.py --adfs-fqdn adfs.fujimoto-home.local --username [email protected]
[email protected]'s Password:
Execute following commands to set AWS credentials
-----
export AWS_ACCESS_KEY_ID=ASIAI6FEUDEHPV325XJA
export AWS_SECRET_ACCESS_KEY=FVxf8XqxnRb8snorPxu0lqQxSofjyJCOfDSw4g8P
export AWS_SESSION_TOKEN=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

Summary

How was it? I introduced SSO to the Management Console using Active Directory and obtaining temporary API credentials. An organization that already has Active Directory only needs to create IAM Roles on AWS; account management can then be delegated to Active Directory without creating IAM users.

References

How to Implement Federated API and CLI Access Using SAML 2.0 and AD FS
SAML wrapper for aws cli


© Classmethod, Inc. All rights reserved.