aws-sso-util icon indicating copy to clipboard operation
aws-sso-util copied to clipboard

Published 20 hours ago verified publisher icon benkehoe

Add sso-start-url information to profile name process input

Open eriweb opened this issue 11 months ago • 2 comments

I've got multiple aws organizations and identity centers, and to make matters worse the same account names in them all.

Would it be possible to add information about sso url to the profile name process? that way i could customize the naming and take sso url into consideration

eriweb avatar Mar 18 '24 12:03 eriweb

You can use the components option to customize the profile name format.

There is no dynamic component for instance-level attributes, but you can use a literal to name each instance.

I work with Identity Center instances for OrgA and OrgB.

OrgA and OrgB each have two accounts called Name1 and Name2. I can assume 1 role in each account.

Today I handle it by using a different command for each instance to populate the profiles.

aws-sso-util configure populate \
--sso-start-url "..." \
--sso-region "..." \
--region "..." \
--components "OrgA,account_name,account_id,role_name"
 
aws-sso-util configure populate \
--sso-start-url "..." \
--sso-region "..." \
--region "..." \
--components "OrgB,account_name,account_id,role_name"
  • OrgA/OrgB: literal to name the Identity Center instance
  • account_name, account_id, role_name: dynamic components

That generates a list of profiles like this:

OrgA.Name1.111111111111.Role1
OrgA.Name2.222222222222.Role1
OrgB.Name1.333333333333.Role1
OrgB.Name2.444444444444.Role1

You can distinguish the two "Name1" accounts by the different prefixes "OrgA" and "OrgB".

I like to include the account ID in the profile name for extra clarity.

Such a long name may be awkward to type. To avoid that I run the aws configure list-profiles command, copy the profile I need from the output, and paste it where I need it.

iainelder avatar Mar 18 '24 12:03 iainelder

Sorry for the very long delay (and it will be a while longer as I get spun back up on my projects). This is a good idea and I will add it. However, I believe you can accomplish this today by adding the start URL to the command you're giving to --profile-name-process, e.g.

aws-sso-util configure populate --sso-start-url $AWS_SSO_START_URL ... --profile-name-process "my_profile_process $AWS_SSO_START_URL"

Note to self: add a note to the docs that arguments may get added over time (but will never get reduced or rearranged), so process formatters should not rely on a specific number of total arguments, as in unpacking sys.argv[:7] rather than sys.argv

benkehoe avatar May 26 '24 13:05 benkehoe