Download the AWS PowerShell utility zip file.
Unzip the file into a new folder.
Open the PowerShell prompt in Administrator mode.
Run Set-ExecutionPolicy Unrestricted to enable the scripts.
Run [System.Net.ServicePointManager]::SecurityProtocol and check for TLS12 in the resulting output. If there is no TLS12 in the protocol list, run the following commands.
Shell
$AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
If you are working behind a proxy server, run the following commands to enable your PowerShell session to use proxy credentials.
Shell
$webclient=New-Object System.Net.WebClient
$creds=Get-Credential
$webclient.Proxy.Credentials=$creds
Run one of the following commands:
Long version:
.\CentrifyAuthenticate.ps1 -Tenant <Tenant.centrify.com> -Location "\absolute_path\aws\credentials"
Short version:
.\ca.ps1 -Tenant <Tenant.centrify.com> -Location "\absolute_path\aws\credentials"
Note:
Both Tenant and Location parameters are optional
Tenant by default points to devdog.centrify.com
Default AWS region needs to be set using a different command. See step 14.
Location specifies the absolute path of the AWS credentials file
If location is not specified, the default location USER_HOME/.aws/credentials is used
Enter your Centrify credentials for authentication. Note: Depending on the per-user configuration, the credentials may include MFA.
Once authenticated, all authorized AWS applications are listed.
Choose an application by entering the number of the application.
Running an application generates a SAML assertion, which is posted to AWS in exchange for AWS credentials. See AWS SAML for more information.
Choose an AWS role.
If the inputs are correct, the AWS credentials will be saved in the profile <ProfileName>. Use <ProfileName> to run AWS commands. For example:
Shell
Get-S3Bucket -ProfileName <ProfileName>
To set your default region, use the following AWS commands.
Shell
Set-DefaultAWSRegion -Region <region>
Where <region> is us-east-1, us-west-1, etc.
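An added example, not part of the Centrify utility or the original page: a session-scoped alternative to the execution-policy and TLS steps above. It limits the policy change to the current process and adds TLS 1.2 without switching on SSL 3.0; the function names Get-TlsProtocolReport and Enable-Tls12 are hypothetical helpers.

```powershell
# Added example, not part of the Centrify utility. Run it in the same
# PowerShell session that will run CentrifyAuthenticate.ps1.

# Execution policy: apply it to this process only. The machine-wide policy is
# left untouched and the setting disappears when the window is closed.
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force

function Get-TlsProtocolReport {
    # Hypothetical helper: summarise which protocols .NET web requests may
    # negotiate in this session. 'SystemDefault' means the OS decides.
    $current = [System.Net.ServicePointManager]::SecurityProtocol
    $names   = @($current.ToString() -split ',\s*')
    [pscustomobject]@{
        Enabled  = $names
        HasTls12 = $names -contains 'Tls12'
        # SSL 3.0, TLS 1.0 and TLS 1.1 are deprecated protocol versions.
        Legacy   = @($names | Where-Object { 'Ssl3', 'Tls', 'Tls11' -contains $_ })
    }
}

function Enable-Tls12 {
    # Hypothetical helper: add TLS 1.2 to whatever is already enabled instead
    # of replacing the list with one that also contains Ssl3.
    $current = [System.Net.ServicePointManager]::SecurityProtocol
    $tls12   = [System.Net.SecurityProtocolType]::Tls12
    if (($current -band $tls12) -ne $tls12) {
        [System.Net.ServicePointManager]::SecurityProtocol = $current -bor $tls12
    }
    Get-TlsProtocolReport
}

# Show the state before and after; Legacy lists anything worth reviewing.
Get-TlsProtocolReport | Format-List
Enable-Tls12          | Format-List
```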