AADA Downloads
Instructions
To use AADA, you'll need to download the appropriate binary (below) to your computer and place it in your system PATH. This is typically /usr/local/bin on Mac or a tools folder on Windows. If you can open a terminal or command prompt and type aada and it works, the tool is installed successfully.
Start with configuration by running aada -configure and aada will set up your granted profiles in your AWS configuration. Each profile will be configured so that any app that uses the AWS SDK automatically calls aada with the correct account and group information.
Next, the role that aada needs to assume must trust arn:aws:iam::464079168809:role/aada-trustpoint to assume it. Without this trust, aada cannot give you credentials. For common shared accounts (like the AABG sandbox), this is already done. For other accounts you might be using, the role may have to be updated.
Further, aada uses a very specific group format: AWS_[AWS account number]_[Role name here]. The groups match up to the structure that ACP uses internally. When you request credentials to one of these roles, your membership in the Azure AD group is verified before credentials are granted.
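As an added example (not part of AADA or of this page's own code), the following Python check covers the two prerequisites described above: that a group name follows the AWS_[AWS account number]_[Role name here] format, and that a role's trust policy lets the aada-trustpoint principal assume it. The function names, the sample policy, and the assumption that the role-name part uses IAM's role-name character set are illustrative.

```python
import json
import re

# Trust principal stated on this page.
TRUSTPOINT = "arn:aws:iam::464079168809:role/aada-trustpoint"
# AWS_[AWS account number]_[Role name here]; the role-name character set
# is an assumption taken from IAM's role-name rules.
GROUP_RE = re.compile(r"AWS_(\d{12})_([\w+=,.@-]{1,64})", re.ASCII)


def parse_group(group):
    """Split an Azure AD group name into (account_id, role_name), or None."""
    m = GROUP_RE.fullmatch(group)
    return (m.group(1), m.group(2)) if m else None


def _as_list(value):
    """IAM policy fields may hold a single value or a list of values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_trust(policy):
    """Return (trusted, warnings) for a role's trust policy document."""
    trusted, warnings = False, []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal", {})
        # Principal is either the string "*" or a mapping such as {"AWS": ...}.
        aws = _as_list(principal.get("AWS")) if isinstance(principal, dict) else [principal]
        if TRUSTPOINT in aws:
            trusted = True
        if "*" in aws:
            warnings.append("wildcard principal: any AWS identity may assume this role")
    return trusted, warnings


# Constructed sample trust policy for the role behind AWS_123456789012_role-name-here.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Principal": {"AWS": "arn:aws:iam::464079168809:role/aada-trustpoint"},
                "Action": "sts:AssumeRole"}]}
""")

if __name__ == "__main__":
    print(parse_group("AWS_123456789012_role-name-here"))
    print(check_trust(SAMPLE_POLICY))
```

To check a real role, pass in the AssumeRolePolicyDocument returned by aws iam get-role in place of the constructed sample.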
To test it out, run trusty get-caller-identity. On the first run, the aada authentication pop-through should come up, and your CLI call should complete successfully.
$ aws --profile role-name-here sts get-caller-identity
{
    "UserId": "AREXAMPLEKEYIDGOESHERE:user.name@accenture.com",
    "Account": "123456789012",
    "Arn": "arn:aws:sts::123456789012:assumed-role/role-name-here/user.name@accenture.com"
}
Once your first authentication completes, the credentials are cached in the AWS credentials file so that subsequent API calls complete without the authentication pop-through. Credentials are good for an hour by default, and with a completely transparent experience, support for longer assumption times is not currently planned. Please reach out with good use cases for longer assumption times.
Latest release is 1.2.5
(These links are generated dynamically and expire after 10 minutes.)