Allows you to create docker image

Dockerfile

@@ -0,0 +1,21 @@
+FROM golang:1.9-stretch AS builder
+WORKDIR /go/src/github.com/segmentio/aws-okta
+RUN apt-get update && apt-get -y install libusb-dev  libusb-1.0-0-dev && pkg-config --cflags --libs libusb-1.0
+COPY . .
+RUN make linux
+
+FROM debian:stretch-slim AS aws-okta-toolbox
+WORKDIR /app/
+RUN apt-get update && apt-get -y install libusb-1.0-0 ca-certificates python-pip && pip install awscli
+COPY --from=builder /go/src/github.com/segmentio/aws-okta/dist/aws-okta-*-linux-amd64 /app/aws-okta
+RUN useradd -u 10001 scratchuser
+USER scratchuser
+ENTRYPOINT ["/app/aws-okta"]
+
+FROM debian:stretch-slim
+WORKDIR /app/
+RUN apt-get update && apt-get -y install libusb-1.0-0 ca-certificates
+COPY --from=builder /go/src/github.com/segmentio/aws-okta/dist/aws-okta-*-linux-amd64 /app/aws-okta
+RUN useradd -u 10001 scratchuser
+USER scratchuser
+ENTRYPOINT ["/app/aws-okta"]

Makefile

@@ -13,6 +13,8 @@ test: | govendor
 
 all: dist/aws-okta-$(VERSION)-darwin-amd64 dist/aws-okta-$(VERSION)-linux-amd64
 
+linux: dist/aws-okta-$(VERSION)-linux-amd64
+
 clean:
 	rm -rf ./dist
 
@@ -30,4 +32,4 @@ dist/aws-okta-$(VERSION)-linux-amd64: | govendor dist/
 govendor:
 	go get -u github.com/kardianos/govendor
 
-.PHONY: clean all govendor
+.PHONY: clean all govendor container-build

README.md

@@ -24,6 +24,20 @@ $ brew install aws-okta
 
 See [docs/windows.md](docs/windows.md) for information on getting this working with Windows.
 
+### Docker
+
+With the provided Dockerfile you can build two different Docker images one without the AWS CLI (default one) and second one with AWS CLI inside the container.
+
+```
+$ docker build . -t aws-okta
+```
+
+Docker with AWS CLI inside
+
+````
+$ docker build --target aws-okta-toolbox -t aws-okta-toolbox
+```
+
 ## Usage
 
 ### Adding Okta credentials
@@ -58,7 +72,13 @@ Global Flags:
   -b, --backend string   Secret backend to use [kwallet secret-service file] (default "file")
   -d, --debug            Enable debug logging
 ```
+### Exec Docker
+
+Example with AWS CLI docker
 
+```
+docker run -ti -v /Users/XXX/.aws:/home/scratchuser/.aws -v  /Users/XXX/.aws-okta:/home/scratchuser/.aws-okta/ aws-okta-toolbox  exec profile -- aws s3 ls
+```
 ### Exec for EKS and Kubernetes
 
 `aws-okta` can also be used to authenticate `kubectl` to your AWS EKS cluster. Assuming you have [installed `kubectl`](https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html), [setup your kubeconfig](https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html) and [installed `aws-iam-authenticator`](https://docs.aws.amazon.com/eks/latest/userguide/configure-kubectl.html), you can now access your EKS cluster with `kubectl`. Note that on a new cluster, your Okta CLI user needs to be using the same assumed role as the one who created the cluster. Otherwise, your cluster needs to have been configured to allow your assumed role.