BMX grants you API access to your AWS accounts, based on Okta credentials that you already own.
It uses your Okta identity to create short-term AWS STS tokens, as an alternative to long-term IAM access keys. BMX manages your STS tokens with the following commands:

  1. bmx print writes your short-term tokens to stdout as AWS environment variables. You can execute bmx print’s output to make the environment variables available to your shell.
  2. bmx write writes your short-term tokens to ~/.aws/credentials.

BMX prints detailed usage information when you run bmx -h or bmx <cmd> -h.

BMX was developed by D2L (Brightspace/bmx), and modifications have been made to the project by Arctic Wolf.


  1. BMX is multi-platform: it runs on Linux, Windows, and Mac.
  2. BMX maintains your Okta session for 12 hours: you enter your Okta password once a day, and BMX takes care of the rest.
  3. Project scoped configurations
  4. BMX supports Web and SMS MFA.


Available versions of BMX are available on the releases page.

Getting Started

To authenticate and obtain a session via the command line, run the following:

bmx login

This will prompt you for your Okta organization and credentials. When you have successfully connected, you can run the following to get a set of IAM STS credentials for use with the AWS API:

bmx print

The command will print a series of environment set commands, that can be used to set the environment variables of the current shell session:

export AWS_ACCESS_KEY_ID=...

# Run AWSCLI using environment variables for credentials
aws sts get-caller-identity

If you’d like to learn about the ways BMX assists with authenticating to AWS, you can review in the getting started documentation.


BMX is maintained under the Semantic Versioning guidelines.

Getting Involved

See for guidelines.