AWS STS Credentials and Google Apps Federated User

This write-up outlines methods of working with the AWS Secure Token Service (STS) and Federated user accounts, where Google has been established as the Identity Provider. It is based on a recent experience where AWS programmatic access was only permitted via STS temp credentials.

A summary of the scenario and what we aim to achieve are as follows:

  • You are a developer working with the aws cli for the purposes of testing your Dev stack.
  • Your organisation has enabled SSO via SAML, with Google as