The AWS CLI subcommand assume-role-with-saml can be utilised to retrieve temporary credentials when accessing SAML2-based Identity Provider (IDP) that has been federated to AWS. Several third party login “helpers” are available for this purpose, for example, aws-google-auth can be used when Google is the federated IDP. However, these tools are…