-
Notifications
You must be signed in to change notification settings - Fork 1
/
config.py.sample
39 lines (36 loc) · 1.92 KB
/
config.py.sample
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
session_config = {
'session_backing':{
'cache_type': 'FileSystem',
'cache_dir': '/tmp/awscon/.cache'},
'session_expire' : 300,
'session_cookie' :'consurl'
}
saml_config = {
# This is a sample SAML SP configuration for Azure AD (use your own tenentid, certificate, etc.)
"saml_endpoint": "https://login.microsoftonline.com/<TENENTID>/saml2",
"spid": "URN:awsconsoleurl",
"issuer": "https://sts.windows.net/<TENENTID>/",
"acs_url" : "http://wsgi.example.com/awscon/saml/acs",
"user_attr": "name_id", # Attribute to match as session username
"assertions": ["groups"], # Assertions added to session as attributes
"certificate" : "-----BEGIN CERTIFICATE-----\n YOUR IDPs CERTIFICATE -----END CERTIFICATE-----\n"
}
aws_config = {
"url_prefix": "/aws", # Base for URL prefix to use
"aws_profile_name" : "cons", # Profile in credentials file to use
"aws_credentials_file" : "/usr/local/.aws/credentials", # Credentials file (protect the file)
"targets" : [
{
"service": "sadmin", # www.example.com/aws/sadmin
"role": "arn:aws:iam::123456789012:role/MyAdminRole", # defined role to assume
"duration": 28800, # 8 hour session
"groups" : ["sysadmin", "cloudadmin"] # must be a member of sysadmin or cloud admin
},
{
"service": "sandbox", # www.example.com/aws/sandbox
"role": "arn:aws:iam::999999789012:role/DBAdmin", # different account and role
"duration": 14400, # 4 hour session
# no groups - anyone that can auth has access
}
]
}