[Feature Request] Support for populating aws config file
The one feature I am missing from being able to use granted as my only AWS SSO login tool is the ability to populate the full list of profiles I can access. I am currently using aws-sso-util configure populate for that. It would be great if it could be generated as part of granted's processes.
This will be very helpful!
Yes please! I just raised a discussion around this topic: https://github.com/common-fate/granted/discussions/224
As I understand it this involves calling ListAccounts and paginating through to get all accounts. Then for each account calling ListAccountRoles for each account.
I also want this feature. I have two different SSOs I need to log in through though, so I'd want granted to populate my profile from both accounts. I have no problem running two commands to accomplish that, just as long as I have a way to differentiate between the ssos.
# Populate from my first sso, prefixing profiles with sso1-
$ granted sso populate --prefix sso1- <start url>
# Populate from my second sso, prefixing profiles with sso2-
$ granted sso populate --prefix sso2- <start url>
# Open a browser to the iam console on the Dev/Tooling account in sso1
$ assume -c -s iam sso1-Dev-Tooling-AdministratorAccess
Thoughts anyone?
I think the easiest way to fulfill the requirements (and the most minimal/unixy) would be to output all of the profiles to stdout.
So just granted sso generate <start url> would output a bunch of profiles you can pipe to ~/.aws/config or copy and paste or post process yourself to add the prefix.
I think the easiest way to fulfill the requirements (and the most minimal/unixy) would be to output all of the profiles to stdout.
I see a stdout-generating command as valuable and not mutually exclusive with either profile name prefixing or automatic ~/.aws/config population.
Perhaps one command is granted sso generate [--prefix <prefix>] <start url>, and the other is granted sso populate [--prefix <prefix>] <start url>, where --prefix <prefix> is optional for either command. The differences here appear to amount to what we do with the account and role lists once we have fetched them.
@tom-sherman I've taken your feedback into account and submitted a pull request #230. Here's hoping it works for everyone.
Thanks @misterjoshua This is great to see added :)
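
The rendering step discussed in this thread (turning the fetched account and role lists into prefixed profiles for stdout or ~/.aws/config), as an added Go example that is not from the thread or from granted's code. The `Role` type, the function names, the region, the account ID and the start URL are assumptions; account names are cleaned and IDs and role names are validated so that a value containing a newline or `]` cannot add lines to the config file.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Role is one account/role pair, the result of the two list calls (hypothetical type).
type Role struct{ AccountID, AccountName, RoleName string }

var (
	nameUnsafe = regexp.MustCompile(`[^A-Za-z0-9_-]+`) // anything else becomes "-"
	accountID  = regexp.MustCompile(`^[0-9]{12}$`)
	roleName   = regexp.MustCompile(`^[A-Za-z0-9+=,.@_-]+$`)
)

// ProfileName joins prefix, account name and role name into one section name.
func ProfileName(prefix string, r Role) string {
	return prefix + nameUnsafe.ReplaceAllString(r.AccountName+"-"+r.RoleName, "-")
}

// Generate renders one [profile ...] section per role. It rejects values that
// could break out of their config line, and names that collide after cleaning.
func Generate(prefix, startURL, region string, roles []Role) (string, error) {
	seen := map[string]bool{}
	var b strings.Builder
	for _, r := range roles {
		if !accountID.MatchString(r.AccountID) || !roleName.MatchString(r.RoleName) {
			return "", fmt.Errorf("refusing account %q role %q", r.AccountID, r.RoleName)
		}
		name := ProfileName(prefix, r)
		if seen[name] {
			return "", fmt.Errorf("duplicate profile name %q", name)
		}
		seen[name] = true
		fmt.Fprintf(&b, "[profile %s]\nsso_start_url = %s\nsso_region = %s\nsso_account_id = %s\nsso_role_name = %s\n\n",
			name, startURL, region, r.AccountID, r.RoleName)
	}
	return b.String(), nil
}

func main() {
	// Constructed sample data; the account ID and start URL are placeholders.
	roles := []Role{{"111111111111", "Dev/Tooling", "AdministratorAccess"}}
	out, err := Generate("sso1-", "https://example.awsapps.com/start", "us-east-1", roles)
	if err != nil {
		panic(err)
	}
	fmt.Print(out)
}
```

The start URL and region are written as given, so they should come from the operator, not from fetched data.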