Web application to allow SAML authenticated users to search multiple AWS accounts for instances by IP

The ipquery configuration file is located at /etc/ipquery.yaml. To configure ipquery create this file and populate it with your configuration settings.

A unique secret key to secure Flask sessions

A dictionary of all SAML identity providers with the name of the identity provider as the key and the identity providers SAML metadata URL as the value.

The EntityID, typically a URL, that you've configured in your identity provider.

The name of the preferred SAML identity provider.

Set this to http or https depending on how you're serving up the web UI.

Set this to http or https depending on how you're serving up the web UI.

The level to set for logging.

A session name to identify the IAM role assumption

A list of all AWS IAM Role ARNs to assume and use to scan for instances.

The IAM Policy to constrain the access that ipquery will use when assuming roles to scan for instances.

Here is an example configuration for two foreign AWS accounts

--- 
  secret_key: "11111111-1111-1111-1111-111111111111"
  idp_name: oktadev
  metadata_url_for: 
    oktadev: "http://idp.oktadev.com/metadata"
  entity_id: https://mysite.example.com/saml/sso/myidp
  PREFERRED_URL_SCHEME: https
  acs_url_scheme: https
  ip2instance_roles: 
    - "arn:aws:iam::012345678901:role/MyIPQueryRole"
    - "arn:aws:iam::123456789012:role/MyIPQueryRole"

ipquery