eitumd/aws-oidc

aws-oidc

OIDC credential helper for AWS CLI using PKCE. Zero external dependencies beyond Python 3.

Authenticates via browser login to your OIDC provider, exchanges the ID token for temporary AWS credentials via STS AssumeRoleWithWebIdentity, and outputs them in credential_process format.

Install

brew tap eitumd/tap
brew install aws-oidc

Setup

Add a profile to ~/.aws/config:

[profile myprofile]
credential_process = aws-oidc arn:aws:iam::123456789012:role/MyRole
region = us-east-1

Then use it normally:

aws --profile myprofile sts get-caller-identity

How it works

  1. Checks for a cached/refreshable token in ~/.aws/oidc-cache/
  2. If needed, opens a browser for OIDC login (PKCE, no client secret)
  3. Exchanges the ID token for temporary AWS credentials via STS
  4. Outputs JSON in the format expected by credential_process

Releasing

Tag and push:

git tag v0.1.0
git push origin v0.1.0

CI creates a GitHub Release and updates the Homebrew formula automatically.
