Skip to content

Releases: okta/okta-aws-cli

v1.2.0

15 Aug 15:36
@github-actions github-actions
v1.2.0
This tag was signed with the committer’s verified signature.
monde Mike Mondragon
GPG key ID: 15FE402B653C7BBD
Learn about vigilant mode.
e199e6a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.2.0

1.2.0 (August 15, 2023)

Assets 25
Loading

v1.1.0

13 Jul 23:32
@github-actions github-actions
v1.1.0
This tag was signed with the committer’s verified signature.
monde Mike Mondragon
GPG key ID: 15FE402B653C7BBD
Learn about vigilant mode.
6052448
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.0

1.1.0 (July 13, 2023)

  • Print out operational debugging information flag #113, thanks @monde!
Assets 25
Loading

v1.0.2

27 Jun 22:01
@github-actions github-actions
v1.0.2
This tag was signed with the committer’s verified signature.
monde Mike Mondragon
GPG key ID: 15FE402B653C7BBD
Learn about vigilant mode.
2511b2d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.0.2

1.0.2 (June 27, 2023)

  • #112, thanks @monde!
    • Fix broken preselecting --aws-iam-idp / OKTA_AWSCLI_IAM_IDP value #95
    • Ensure ENV VAR OKTA_AWSCLI_PROFILE is honored. #109
    • Operation to debug/inspect okta.yaml config for valid format #106
Assets 25
Loading

v1.0.1

04 May 21:14
@duytiennguyen-okta duytiennguyen-okta
v1.0.1
This tag was signed with the committer’s verified signature.
duytiennguyen-okta
GPG key ID: 9AD7AA526F4862ED
Learn about vigilant mode.
08b67cd
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.0.1

What's Changed

Contributors

duytiennguyen-okta
Assets 25
Loading

v1.0.0

02 May 23:54
@github-actions github-actions
v1.0.0
This tag was signed with the committer’s verified signature.
monde Mike Mondragon
GPG key ID: 15FE402B653C7BBD
Learn about vigilant mode.
8d38bda
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.0.0

1.0.0 (May 02, 2023)

ENHANCEMENTS

NOTICES

New Features

  • --expiry-aws-variables CLI flag for x_security_token_expires support in AWS creds file
  • --cache-access-token CLI flag to cache the access token associated device authorization to preempt needing to open the browser frequently
  • Friendly IdP menu lables for long ARN values can be set in $HOME/.okta/okta.yaml

ENV VAR changes

The following ENV VARs have been renamed

old value new value
AWS_IAM_IDP OKTA_AWSCLI_IAM_IDP
AWS_IAM_ROLE OKTA_AWSCLI_IAM_ROLE
AWS_SESSION_DURATION OKTA_AWSCLI_SESSION_DURATION
FORMAT OKTA_AWSCLI_FORMAT
PROFILE OKTA_AWSCLI_PROFILE
QR_CODE OKTA_AWSCLI_QR_CODE
OPEN_BROWSER OKTA_AWSCLI_OPEN_BROWSER
AWS_CREDENTIALS OKTA_AWSCLI_AWS_CREDENTIALS
WRITE_AWS_CREDENTIALS OKTA_AWSCLI_WRITE_AWS_CREDENTIALS
LEGACY_AWS_VARIABLES OKTA_AWSCLI_LEGACY_AWS_VARIABLES
DEBUG_API_CALLS OKTA_AWSCLI_DEBUG_API_CALLS

Support for non-admin users needing multiple AWS Federation Application support

Multiple AWS environments requires extra configuration for non-admin users.
Follow these steps to support non-admin users.

  1. Create a custom admin role with the only permission being "View application
    and their details", and a resource set constrained to "All AWS Account
    Federation apps".

  2. Create a group that will contain the AWS custom admin role users.

  3. Add a rule on the admin console authentication policy that denies access if
    the use is a member of the group from step 2.

  4. Assign non-admin users this custom role in step 1 and assign them to the
    group in step 2.

The "Admin" button will be visible on the Okta dashboard of non-admin users but
they will receive a 403 if they attempt to open the Admin UI.

It is on our feature backlog to get support into the Okta API to allow the
multiple AWS Fed apps feature into okta-aws-cli without needing this work
around using a custom admin role.

Contributors

tim-fitzgerald
Assets 25
Loading

v0.3.0

15 Mar 23:14
@github-actions github-actions
v0.3.0
This tag was signed with the committer’s verified signature.
monde Mike Mondragon
GPG key ID: 15FE402B653C7BBD
Learn about vigilant mode.
a9e808a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.3.0

0.3.0 (March 15, 2023)

ENHANCEMENTS

  • Remove an extra colon in usage text #76, thanks @ZhongRuoyu!
  • Deal with deprecated/obsolete/unsupported aws_security_token variable #79, thanks @monde!
  • added proxy support to http client #80, thanks @SaltyPeaches!
  • Try to help the operator if they are using a URL format value for org #82, thanks @monde!
  • Pre-flight check if org is Classic or OIE #84, thanks @monde!
  • Promote AWS_REGION from .env if it exists for proper AWS API behavior #85, thanks @monde!
  • Emit tar.gz and zip archives upon release #87, thanks @monde!

BUG FIXES

  • Fix "SETX commands emitted on Windows have incorrect syntax" #78, thanks @laura-rodriguez!
  • Correctly set session duration from AWS_SESSION_DURATION env var #81, thanks @monde!

MAINTENANCE

NOTICES

In the v1.0.0 release ENV VARs specific to okta-aws-cli will be prefixed with
OKTA_ in 12factor format.

old value new value
AWS_IAM_IDP OKTA_AWSCLI_IAM_IDP
AWS_IAM_ROLE OKTA_AWSCLI_IAM_ROLE
AWS_SESSION_DURATION OKTA_AWSCLI_SESSION_DURATION
FORMAT OKTA_AWSCLI_FORMAT
PROFILE OKTA_AWSCLI_PROFILE
QR_CODE OKTA_AWSCLI_QR_CODE
OPEN_BROWSER OKTA_AWSCLI_OPEN_BROWSER
AWS_CREDENTIALS OKTA_AWSCLI_AWS_CREDENTIALS
WRITE_AWS_CREDENTIALS OKTA_AWSCLI_WRITE_AWS_CREDENTIALS
LEGACY_AWS_VARIABLES OKTA_AWSCLI_LEGACY_AWS_VARIABLES
DEBUG_API_CALLS OKTA_AWSCLI_DEBUG_API_CALLS
Assets 28
Loading

v0.2.1

25 Jan 01:14
@github-actions github-actions
v0.2.1
This tag was signed with the committer’s verified signature.
monde Mike Mondragon
GPG key ID: 15FE402B653C7BBD
Learn about vigilant mode.
bc63092
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.2.1

0.2.1 (January 24, 2023)

BUG FIXES

  • Fix IdP text rendering bug caused by linting changes #54, thanks @monde!
Assets 17
Loading

v0.2.0

24 Jan 19:28
@github-actions github-actions
v0.2.0
This tag was signed with the committer’s verified signature.
monde Mike Mondragon
GPG key ID: 15FE402B653C7BBD
Learn about vigilant mode.
04f11ac
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.2.0

0.2.0 (January 24, 2023)

ENHANCEMENTS

  • setx output when in Windows environment #49, thanks @monde!
  • --write-aws-credentials implies output format aws-credentials #40, thanks @monde!
  • Verbose HTTP API call/resonse logging with --debug-api-calls flag #43, thanks @monde!
  • Return underlying Error if present in fetchWebSSO() #47, thanks @emanor-okta!

BUG FIXES

  • Fix setting/getting IDP ARN value when Role Value Pattern is used on AWS Federation App #51, thanks @monde!
  • Accept OPEN_BROWSER, WRITE_AWS_CREDENTALS env vars #50, thanks @monde!
Assets 17
Loading

v0.1.0

22 Dec 20:15
@github-actions github-actions
v0.1.0
This tag was signed with the committer’s verified signature.
monde Mike Mondragon
GPG key ID: 15FE402B653C7BBD
Learn about vigilant mode.
f67a1e3
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.1.0

0.1.0 (December 21, 2022)

First GA release

NEW FEATURES

  • Auto pop system web browser to device authorization form when --open-browser CLI flag is present - PR #21
  • Full multiple AWS Federation Applications support - see README - Multiple AWS environments - #28
  • Write/update (instead of append) AWS Credentials file when --write-aws-credentials CLI flag is present - PR #30

ENHANCEMENTS

  • Print response body with error message when API error occurs #22
  • Don't render ncurses select menu for IdP or Role when there is only one item to choose from #25
  • Document policy recommendation for AWS Fed App and OIDC Native App
  • Document need for AWS_REGION env variable if AWS IdP is in a non-commercial AWS region
  • Auto-correct org domain when it is in admin form - ORGNAME-admin.okta.com to ORGNAME.okta.com
  • Illustrate make tools is used to install the tools the Makefile makes use of
  • Notorizing OSX x86_64 and arm64 binaries

BUG FIXES

  • Correctly write creds file when AWS_CREDENTIALS env var is set
  • AWS_PROFILE is unnecessary in env var output
Assets 18
Loading

v0.0.4

24 Oct 22:51
@github-actions github-actions
v0.0.4
This tag was signed with the committer’s verified signature.
monde Mike Mondragon
GPG key ID: 15FE402B653C7BBD
Learn about vigilant mode.
bbc91ff
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.0.4

0.0.4 (October 24, 2022)

Assets 14
Loading