
[Feature Request] Support for populating aws config file

Open andymac4182 opened this issue 2 years ago • 1 comments

The one feature I am missing from being able to use granted as my only AWS SSO login tool is the ability to populate the full list of profiles I can access. I am currently using aws-sso-util configure populate for that. It would be great if it could be generated as part of granted's processes.

andymac4182 Jun 08 '22 07:06

This will be very helpful!

sherifabdlnaby Jul 09 '22 18:07

Yes please! I just raised a discussion around this topic: https://github.com/common-fate/granted/discussions/224

As I understand it, this involves calling ListAccounts and paginating through to get all accounts. Then calling ListAccountRoles for each account.

tom-sherman Aug 23 '22 08:08

I also want this feature. I have two different SSOs I need to log in through though, so I'd want granted to populate my profile from both accounts. I have no problem running two commands to accomplish that, just as long as I have a way to differentiate between the ssos.

# Populate from my first sso, prefixing profiles with sso1-
$ granted sso populate --prefix sso1- <start url>

# Populate from my second sso, prefixing profiles with sso2-
$ granted sso populate --prefix sso2- <start url>

# Open a browser to the iam console on the Dev/Tooling account in sso1
$ assume -c -s iam sso1-Dev-Tooling-AdministratorAccess

Thoughts anyone?

misterjoshua Aug 25 '22 17:08

I think the easiest way to fulfill the requirements (and the most minimal/unixy) would be to output all of the profiles to stdout.

So just granted sso generate <start url> would output a bunch of profiles you can pipe to ~/.aws/config or copy and paste or post process yourself to add the prefix.

tom-sherman Aug 25 '22 18:08

> I think the easiest way to fulfill the requirements (and the most minimal/unixy) would be to output all of the profiles to stdout.

I see a stdout-generating command as valuable and not mutually exclusive with either profile name prefixing or automatic ~/.aws/config population.

Perhaps one command is granted sso generate [--prefix <prefix>] <start url>, and the other is granted sso populate [--prefix <prefix>] <start url>, where --prefix <prefix> is optional for either command. The differences here appear to amount to what we do with the account and role lists once we have fetched them.

misterjoshua Aug 25 '22 20:08
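
An added example, not part of the thread and not granted's code or the code in any pull request: a sketch of the step both proposed commands share, turning the fetched account and role lists into `~/.aws/config` profiles with an optional prefix. The `Role` type, function names, start URL, region and sample accounts are hypothetical; the `sso_*` keys are the standard AWS CLI config keys. Account names are free text from the API, so they are sanitized before being used as section names.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Role is one (account, role) pair, as ListAccounts + ListAccountRoles would yield.
type Role struct{ AccountID, AccountName, RoleName string }

// unsafe matches any run of characters that should not appear in a section name.
var unsafe = regexp.MustCompile(`[^A-Za-z0-9_.-]+`)

// ProfileName builds "<prefix><account>-<role>", replacing unsafe runs with "-".
func ProfileName(prefix string, r Role) string {
	return prefix + strings.Trim(unsafe.ReplaceAllString(r.AccountName+"-"+r.RoleName, "-"), "-")
}

// Generate renders profiles for ~/.aws/config in a stable order.
// Names that collide after sanitizing get the account ID appended.
func Generate(prefix, startURL, ssoRegion string, roles []Role) string {
	sort.Slice(roles, func(i, j int) bool {
		return roles[i].AccountID+roles[i].RoleName < roles[j].AccountID+roles[j].RoleName
	})
	seen := map[string]bool{}
	var b strings.Builder
	for _, r := range roles {
		name := ProfileName(prefix, r)
		if seen[name] {
			name += "-" + r.AccountID
		}
		seen[name] = true
		fmt.Fprintf(&b, "[profile %s]\nsso_start_url = %s\nsso_region = %s\nsso_account_id = %s\nsso_role_name = %s\n\n",
			name, startURL, ssoRegion, r.AccountID, r.RoleName)
	}
	return b.String()
}

func main() {
	// Constructed sample data; a real run would page through the SSO API.
	roles := []Role{
		{"111111111111", "Dev/Tooling", "AdministratorAccess"},
		{"222222222222", "Dev Tooling", "AdministratorAccess"},
	}
	fmt.Print(Generate("sso1-", "https://example.awsapps.com/start", "us-east-1", roles))
}
```

Printing to stdout matches the generate variant; a populate variant would write the same text into the config file instead.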

@tom-sherman I've taken your feedback into account and submitted a pull request #230. Here's hoping it works for everyone.

misterjoshua Aug 26 '22 01:08

Thanks @misterjoshua. This is great to see added :)

andymac4182 Aug 29 '22 05:08