Creating a mai profile for STUPS

The goal of mai tool in the STUPS suite is to provide authentication tokens to access AWS.

You have to create a mai profile and then log in into it, so you will get a token that will be used by other STUPS tools (e.g. senza). That token will last 1 hour. After that hour you will have to create a new one.

This is how I create a mai profile:

$ ./venv-py3.4/bin/mai create <profile name>
Identity provider URL: <e.g.>
SAML username: <e.g.>
Authenticating against OK
Please select one role
1) AWS Account 123456789012 (acme-team1): AWS-Profile-Name
2) AWS Account 210987654321 (acme-team2): AWS-Profile-Name
Please select (1-2): 2
Storing new profile in /home/pfigue/.config/mai/mai.yaml.. OK

If now I list that mai.yaml file I see several entries like this, one for each mai profile I created:

  saml_role: ['arn:aws:iam::210987654321:saml-provider/AWS-Profile-Name', 'arn:aws:iam::210987654321:role/AWS-Profile-Provider',

I can also do:

$ ./venv-py3.4/bin/mai create acme-team2 --url --user

Here is the documentation for mai.