CloudKeeper - Credential Helper is a Chrome extension that enables the retrieval of AWS CLI credentials for external AWS accounts in AWS SSO by passing the SAML Assertion to AWS Security Token Service. Simply click on the extension while logged into the desired external AWS account, and the credentials will be available for you to copy and use with the AWS CLI on your local machine. The extension does not collect data and credentials are viewable only once.
Want to check extension ranking and stats more quickly for other Chrome extensions?
Install
Chrome-Stats extension
to view Chrome-Stats data as you browse the Chrome Web Store.
If you're using an external AWS account in AWS SSO, there is no way for you to retrieve the CLI credentials for the role. The workaround suggested by AWS is to use AWS CloudShell.
This Credential Helper extension allows you to retrieve the CLI credentials by passing the SAML Assertion to AWS Security Token Service.
To use this extension:
Click on the external AWS account you wish to log into
Once the console opens, click on the extension and the popup will appear
Your credentials will be available there for you to copy
Copy the credentials to your local AWS credentials file
Use the AWS CLI from your local machine
Note: This extension does not collect any data. The credentials are available to view only once and are deleted once the popup is closed.
While useful, the popup has a significant flaw when installed on Chrome 113.0.5672.127: the width of the popup prevents fully highlighting the displayed credentials. As a result, any attempt to highlight and copy the "export" credentials results in an incomplete session token, which translates to a malformed token in a user's session (eg., Ubuntu 20.04 terminal, PuTTY, etc.)
Please consider either an overall scrollbar for this popup, or buttons for each type of credential output to aid in getting the full content into the user's clipboard for further use.
The workaround of "select all" (Ctrl-A), then "copy" (Ctrl-C), then "paste" (Ctrl-V) into something like notepad, or an empty vim session so that a portion of the output can then be selected, copied, and pasted (again) is not an efficient workflow by any definition. To successfully migrate users to a new approach, something similar to the existing functionality should be maintained as a design goal.
CloudKeeper - Credential Helper requires some sensitive permissions that could impact your browser and data
security. Exercise caution before installing.
Risk likelihood
CloudKeeper - Credential Helper is probably trust-worthy. Prefer other publishers if available. Exercise caution
when installing this extension.