We have 100 AWS accounts. We use Okta for federated identity with AD. Each AWS role has an AD/Okta group.
As an administrator, I would like a CLI tool that works in a similar fashion to the Okta IdP portal.
(1) After authentication I am presented with the list of AWS accounts I have access to
(2) I choose an AWS account, which then presents a list of roles I have access to in that account
(3) I choose/assume a role in that account and log in
The okta-aws-cli-assume-role Java tool provides the basic assume-role functionality, but it does not have a wizard to drill down to the role, which makes it a bit clunky.
There are a number of Okta assume-role alternatives out on GitHub, but the tool that comes closest to the above requirements is gimme-aws-creds. This tool uses an AWS API Gateway instance to proxy to the Okta Apps API, which is required for the wizard. Unfortunately there are no details on the API Gateway/Lambda config.
I am currently building something similar to gimme-aws-creds using a fork of okta-sdk-python.
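As an added illustration of the account-then-role wizard described in steps (1) to (3), here is a small Python sketch that is not part of the original post and not code from gimme-aws-creds, okta-aws-cli-assume-role or okta-sdk-python. It assumes the base64-encoded SAML assertion for the AWS app has already been obtained from Okta (the part those tools do with the Okta login and Apps API), parses the `https://aws.amazon.com/SAML/Attributes/Role` attribute that AWS expects, groups the role ARNs by account ID, walks the user through choosing an account and then a role, and finally calls `sts:AssumeRoleWithSAML`. The sample assertion, account IDs and role names are constructed; `boto3` is imported lazily so the wizard logic runs without AWS credentials or network access.

```python
"""Account -> role wizard over the AWS role attribute of a SAML assertion (added example)."""
import base64
import xml.etree.ElementTree as ET
from collections import defaultdict

ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion: two accounts, three roles, in the shape an
# IdP emits for the AWS SAML app (no signature; hypothetical ARNs).
_SAMPLE_XML = b"""<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Assertion><saml2:AttributeStatement>
    <saml2:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
      <saml2:AttributeValue>arn:aws:iam::111111111111:role/ReadOnly,arn:aws:iam::111111111111:saml-provider/Okta</saml2:AttributeValue>
      <saml2:AttributeValue>arn:aws:iam::111111111111:saml-provider/Okta,arn:aws:iam::111111111111:role/Admin</saml2:AttributeValue>
      <saml2:AttributeValue>arn:aws:iam::222222222222:role/Deploy,arn:aws:iam::222222222222:saml-provider/Okta</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement></saml2:Assertion>
</saml2p:Response>"""
SAMPLE_ASSERTION_B64 = base64.b64encode(_SAMPLE_XML).decode()


def parse_role_pairs(assertion_b64):
    """Return [(role_arn, provider_arn)] from the AWS Role attribute.

    AWS accepts the pair in either order, so each side is identified by its
    resource type rather than by position.
    """
    root = ET.fromstring(base64.b64decode(assertion_b64))
    pairs = []
    for attr in root.iter("{%s}Attribute" % SAML_NS["saml"]):
        if attr.get("Name") != ROLE_ATTR:
            continue
        for value in attr.findall("saml:AttributeValue", SAML_NS):
            parts = [p.strip() for p in (value.text or "").split(",")]
            roles = [p for p in parts if ":role/" in p]
            providers = [p for p in parts if ":saml-provider/" in p]
            if len(roles) == 1 and len(providers) == 1:
                pairs.append((roles[0], providers[0]))
    return pairs


def group_by_account(pairs):
    """Map account ID -> sorted [(role_name, role_arn, provider_arn)]."""
    accounts = defaultdict(list)
    for role_arn, provider_arn in pairs:
        account_id = role_arn.split(":")[4]
        role_name = role_arn.split(":role/", 1)[1]
        accounts[account_id].append((role_name, role_arn, provider_arn))
    return {acct: sorted(roles) for acct, roles in accounts.items()}


def pick(prompt, options, ask=input):
    """Numbered menu; `ask` is injectable so the wizard can be scripted/tested."""
    for i, opt in enumerate(options, 1):
        print("  [%d] %s" % (i, opt))
    while True:
        raw = ask("%s [1-%d]: " % (prompt, len(options))).strip()
        if raw.isdigit() and 1 <= int(raw) <= len(options):
            return options[int(raw) - 1]
        print("invalid choice, try again")


def run_wizard(assertion_b64, ask=input):
    """Steps (1)-(3): list accounts, choose one, list its roles, choose one."""
    accounts = group_by_account(parse_role_pairs(assertion_b64))
    if not accounts:
        raise ValueError("assertion carries no AWS role entitlements")
    account_id = pick("Choose AWS account", sorted(accounts), ask)
    role_names = [name for name, _, _ in accounts[account_id]]
    role_name = pick("Choose role in %s" % account_id, role_names, ask)
    _, role_arn, provider_arn = next(r for r in accounts[account_id] if r[0] == role_name)
    return role_arn, provider_arn


def assume_role(assertion_b64, role_arn, provider_arn, duration=3600):
    """Exchange the assertion for temporary credentials via AssumeRoleWithSAML."""
    import boto3  # lazy: only needed for the real STS call
    sts = boto3.client("sts")
    resp = sts.assume_role_with_saml(RoleArn=role_arn, PrincipalArn=provider_arn,
                                     SAMLAssertion=assertion_b64, DurationSeconds=duration)
    return resp["Credentials"]  # AccessKeyId, SecretAccessKey, SessionToken, Expiration


if __name__ == "__main__":
    chosen_role, chosen_provider = run_wizard(SAMPLE_ASSERTION_B64)
    print("would call AssumeRoleWithSAML for", chosen_role, "via", chosen_provider)
```

The wizard only ever offers roles the IdP actually asserted, so the drill-down adds no entitlement the federation trust does not already grant; the sample deliberately lists one pair with the provider ARN first to show that the parser must not rely on ordering.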