# Install aws-google-auth with Homebrew

Acquire AWS credentials using Google Apps. Version 0.0.38 via Homebrew; verified 2026-05-20.

## Install

```sh
sudo av install brew:aws-google-auth
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install aws-google-auth
```

  Evidence: local Homebrew formula metadata

## Package facts

- **Package key:** brew:aws-google-auth
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/aws-google-auth>
- **Version:** 0.0.38
- **Source summary:** Acquire AWS credentials using Google Apps
- **Homepage:** <https://github.com/cevoaustralia/aws-google-auth>
- **Repository:** <https://github.com/cevoaustralia/aws-google-auth>
- **Upstream docs:** <https://github.com/cevoaustralia/aws-google-auth#readme>
- **License:** MIT
- **Source archive:** <https://files.pythonhosted.org/packages/32/4c/3a1dd1781c9d3bb4a85921b3d3e6e32fc0f0bad61ace6a8e1bd1a59c5ba0/aws-google-auth-0.0.38.tar.gz>
- **Last updated:** 2026-05-20T10:22:16Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- aws-google-auth (cli)
- aws-google-auth (alias)

## Dependencies

- certifi
- pillow
- python@3.14

## Uses from macOS

- libxml2
- libxslt

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 0.0.38
- Package-manager updated: 2026-05-20
- Local data: ok
- Upstream repository: https://github.com/cevoaustralia/aws-google-auth
- info: No cached GitHub release or tag data was available.
## Project history and usage

aws-google-auth is a Python command-line tool for acquiring temporary AWS STS credentials using Google Apps / Google Workspace SAML SSO as the identity provider. It targets organizations that wired Google SAML into AWS before newer AWS-native SSO and IAM Identity Center workflows became common.

### Project history

The CEVO Australia repository presents the tool as a way to acquire AWS temporary credentials through Google Apps federation. Its README covers the Google SAML identity-provider setup, the AWS service-provider identifiers needed by the command, installation through pip or Docker, and command-line flags for region, profile, role ARN, U2F, keyring use, and diagnostic output.

### Adoption history

The README points to PyPI and Docker Hub distribution paths, and the GitHub page shows a Python project with a public release line through 0.0.38. Homebrew analytics showed 73 installs in 30 days, 290 in 90 days, and 1,204 in 365 days at the time of this batch, indicating a lingering audience among teams with older Google SAML AWS login setups.

### How it is used

Users provide Google username, IdP ID, service-provider ID, AWS region, profile, and optionally a role ARN. The tool prompts for password and MFA, assumes an AWS role, and writes or reuses profile data; its README says profile credentials and related IdP/SP details are stored through AWS profiles in the AWS config file.

### Why package nerds care

The package is historically interesting because it bridges consumer-style browser SSO and Unix CLI credential files. It also documents borrowing credential injection ideas from aws-adfs and inspiration from keyme, which places it in the family of pre-IAM-Identity-Center AWS federation helpers.

### Timeline

- 2015: AWS publishes official guidance for federated single sign-on to AWS using Google Apps.
- 0.0.38: GitHub lists release 0.0.38 as the latest release.
- 2026: Homebrew formula metadata packages aws-google-auth 0.0.38 from PyPI.

### Related projects

- google-aws-federator: a related CEVO tool mentioned by the README for assigning users to AWS account roles.
- aws-adfs: acknowledged by the README as a source for credential injection behavior.
- keyme: acknowledged by the README as inspiration for Google SAML authentication flow handling.

### Sources

- <https://aws.amazon.com/blogs/security/how-to-set-up-federated-single-sign-on-to-aws-using-google-apps/>
- <https://formulae.brew.sh/api/formula/aws-google-auth.json>
- <https://github.com/cevoaustralia/aws-google-auth>


## Security Notes

No matching local secret-handling manifest was found for aws-google-auth. Nucleus package metadata is still published here so future coverage has a stable package URL.



## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: ~/.aws/config

## Credential files

- Unix: ~/.aws/credentials
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** aws-google-auth
- **Version Scheme:** 0
- **Revision:** 22
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable


## Related links

- [Cloud CLI packages](https://www.automicvault.com/pkg/cloud-clis/) - Belongs to a cloud or infrastructure command family.
- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [python@3.14](https://www.automicvault.com/pkg/brew/python-3-14/) - Runtime dependency declared by Homebrew.
- [amazon-ecs-cli](https://www.automicvault.com/pkg/brew/amazon-ecs-cli/) - Shares av.db curated category or tags: aws, cli, cloud-infrastructure.
- [aws-amplify](https://www.automicvault.com/pkg/brew/aws-amplify/) - Shares av.db curated category or tags: aws, cli, cloud-infrastructure.
- [aws-cdk](https://www.automicvault.com/pkg/brew/aws-cdk/) - Shares av.db curated category or tags: aws, cli, cloud-infrastructure.
- [aws-console](https://www.automicvault.com/pkg/brew/aws-console/) - Shares av.db curated category or tags: aws, cli, cloud-infrastructure.
- [aws-elasticbeanstalk](https://www.automicvault.com/pkg/brew/aws-elasticbeanstalk/) - Shares av.db curated category or tags: aws, cli, cloud-infrastructure.
- [aws-es-proxy](https://www.automicvault.com/pkg/brew/aws-es-proxy/) - Shares av.db curated category or tags: aws, cli, cloud-infrastructure.
- [aws-iam-authenticator](https://www.automicvault.com/pkg/brew/aws-iam-authenticator/) - Shares av.db curated category or tags: aws, cli, cloud-infrastructure.
- [aws-keychain](https://www.automicvault.com/pkg/brew/aws-keychain/) - Shares av.db curated category or tags: aws, cli, cloud-infrastructure.
- [aws-sso-util](https://www.automicvault.com/pkg/brew/aws-sso-util/) - Both packages touch the same language runtime or ecosystem. Shared terms: aws, certifi, cli, cloud, cloud-infrastructure.
- [aws-shell](https://www.automicvault.com/pkg/brew/aws-shell/) - Both packages touch the same language runtime or ecosystem. Shared terms: aws, cli, cloud, cloud-infrastructure, infrastructure.
- [aws-spiffe-workload-helper](https://www.automicvault.com/pkg/brew/aws-spiffe-workload-helper/) - Package names and metadata indicate a similar tool family. Shared terms: aws, cli, cloud, cloud-infrastructure, credentials.

## Combined YAML source

View the package source record on GitHub. [combined/aws-google-auth.yml](https://github.com/automic-vault/db/blob/main/combined/aws-google-auth.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- cross-ecosystem install command graph
