aws_okta_keyman
Multiple Accounts at Once
I frequently find myself managing multiple AWS accounts or a whole organization and need to query easily via scripts across 5/10/20 accounts.
It would be hugely useful to not have to make multiple cli commands to aws_okta_keyman to login to each account and rather have the ability to login and generate a secret/access/token combo for every account that OKTA allows me to. Any scripts could then leverage a profile for each account to create boto sessions, as an example.
There isn't really an alternative outside of multiple cli commands, which can be tedious. I will likely fork so I can rapidly build this out (and b/c this would probably break some existing functionality / need a larger rewrite), but wanted to drop this issue in here to see your thoughts / if others have this problem.
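An added illustration of the per-account profile workflow described above (not code from aws_okta_keyman or from anyone in this thread): it parses a constructed AWS shared-credentials file, keeps only the profiles that carry a complete temporary credential set (access key, secret key and session token), and builds one boto3 session per remaining account. The profile naming prefix `acct-`, the region and all key values are assumptions for the example; profiles without a session token are skipped so a stale or half-written entry does not silently end up in a cross-account script.

```python
"""Enumerate per-account profiles from an AWS shared credentials file and
build one boto3 Session per account.  Added example, not part of
aws_okta_keyman; assumes each account's temporary credentials were already
written as a named profile by a separate login run per account."""
import configparser
from typing import Dict, List

try:
    import boto3  # optional: only needed to actually create sessions
except ImportError:
    boto3 = None

# Temporary (STS) credentials always carry all three of these keys.
REQUIRED_KEYS = ("aws_access_key_id", "aws_secret_access_key", "aws_session_token")

# Constructed sample credentials file; every value is a placeholder.
SAMPLE_CREDENTIALS = """
[default]
aws_access_key_id = PLACEHOLDER-DEFAULT-KEY
aws_secret_access_key = placeholder-secret

[acct-dev]
aws_access_key_id = PLACEHOLDER-DEV-KEY
aws_secret_access_key = placeholder-secret
aws_session_token = placeholder-token-dev

[acct-prod]
aws_access_key_id = PLACEHOLDER-PROD-KEY
aws_secret_access_key = placeholder-secret
aws_session_token = placeholder-token-prod

[acct-stale]
aws_access_key_id = PLACEHOLDER-STALE-KEY
aws_secret_access_key = placeholder-secret
"""


def parse_credentials(text: str) -> Dict[str, Dict[str, str]]:
    """Parse INI-style shared-credentials text into {profile: {key: value}}."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return {name: dict(cp[name]) for name in cp.sections()}


def temporary_profiles(profiles: Dict[str, Dict[str, str]], prefix: str = "acct-") -> List[str]:
    """Return the names of profiles under `prefix` that hold a complete
    temporary credential set.  Entries missing a session token are skipped:
    they are either long-lived keys or leftovers from a login that did not
    complete, and should not be used for cross-account scripting."""
    return [
        name
        for name, values in profiles.items()
        if name.startswith(prefix) and all(k in values for k in REQUIRED_KEYS)
    ]


def build_sessions(profiles: Dict[str, Dict[str, str]], names: List[str], region: str = "us-east-1"):
    """Create one boto3 Session per selected profile from the parsed values.
    No network call is made here; callers use the sessions to build clients."""
    if boto3 is None:
        raise RuntimeError("boto3 is not installed")
    return {
        name: boto3.session.Session(
            aws_access_key_id=profiles[name]["aws_access_key_id"],
            aws_secret_access_key=profiles[name]["aws_secret_access_key"],
            aws_session_token=profiles[name]["aws_session_token"],
            region_name=region,
        )
        for name in names
    }


if __name__ == "__main__":
    parsed = parse_credentials(SAMPLE_CREDENTIALS)
    usable = temporary_profiles(parsed)
    print("usable account profiles:", usable)
    if boto3 is not None:
        sessions = build_sessions(parsed, usable)
        # Each session can then back e.g. session.client("sts") per account.
        print("sessions built for:", sorted(sessions))
```

Point the parser at the real file (`~/.aws/credentials`) instead of `SAMPLE_CREDENTIALS` to run it against a machine where one login has been completed per account.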
You can already do this today; an Okta account with multiple AWS entries should prompt you for which AWS account you want to use by default. Are you on an older version or using an old config?
An example is shown in the readme: https://github.com/nathan-v/aws_okta_keyman#running-aws-okta-keyman
As it's written/described, you can login to one account using keyman (and pick from a list) but if you want to get into all 4, you'd have to run keyman 4 times and pick a different account each time.
The key here is I'm looking to get into ALL accounts at once, not go one at a time, which when you have 20 accounts can become tedious. This way login for the day/hour can be simplified and scripts can be leveraged to query across accounts with ease.
Ah, yeah! You want to refresh multiple at once. Something I've definitely considered and wanted to do before but I didn't have a strong need for it at my org. Makes sense.