LookAuth Client


To use LookAuth Client you need the AWS CLI installed.

LookAuth Client automatically checks and warns you if it’s not able to find it installed

Need to install it? Click here!

What is LookAuth Client

LookAuth Client is a tool that allows the user to obtain secure, temporary and refreshable credentials to access AWS Services with AWS CLI and tools based on it, with versioning tools that work with AWS CodeCommit service and to easily use AWS SDK from your local environment during your everyday development.

How it works

LookAuth Client can generate your AWS Credentials from an association between an AWS Account and an AWS IAM Role; this is what we call a User-Role Mapping. Your AWS Security Admin creates this association that relates to the Identity Provider chosen by your company.

Once authenticated with your Identity Provider (e.g. Google), the SAML authorization token given to you by the IDP is used to obtain access credentials to your Federated Account, which is the account federated with your IDP of choice and it is usually your main account inside the space of your organization.

With the federation created by your administrator, LookAuth Client obtains the accounts and roles you can assume inside your organization. This operation provides a mechanism for tying your federated enterprise identity to role-based AWS access.

An AssumeRoleWithSAML call returns the temporary security credentials that consist of an access key ID, a Secret Access Key, and a Security Token to sign calls to AWS services.


Credentials have a lifespan of one hour and are automatically rotated by LookAuth Client to maintain the right balance between usability and security. You can also refresh the credentials at any given time, by clicking the Refresh Button in the Session Card.

When you exit the app the credentials file is removed for enhanced security.

At this point,  you are ready to Launch LookAuth Client: it will prompt you with the first-use tutorial.