
Documentation update showing how to use multiple accounts

Open drmikecrowe opened this issue 1 year ago • 1 comments

I don't understand how to utilize the CLI tools to log in with the following configuration. I have these key ignorances:

  • How do I refresh all my tokens for a given profile? I thought it would be aws-sso -S pinnacle config-profiles, but this isn't right.
  • Is there any way to use ~/.aws/credentials? Some of my tooling needs it.

~/.aws-sso/config.yaml (partial)

SSOConfig:
  personal:
    SSORegion: us-east-x
    StartUrl: https://xxxxx.awsapps.com/start
    Accounts:
      'xxxxxxxxxxxx':
        Name: mike
    DefaultRegion: us-east-x
    AuthUrlAction: open
  pinnacle:
    SSORegion: us-east-x
    StartUrl: https://xxxxx.awsapps.com/start
    Accounts:
      'xxxxxxxxxxxx':
        Name: data
      'xxxxxxxxxxxx':
        Name: dev
...

~/.aws/config (partial)

[profile personal-mike-AdministratorAccess]
credential_process = aws-sso -u open -S "personal" process --arn arn:aws:iam::xxxxxxxxxxxx:role/AdministratorAccess
region = us-east-x

[profile pinnacle-data]
credential_process = aws-sso -u open -S "pinnacle" process --arn arn:aws:iam::xxxxxxxxxxxx:role/AWSAdministratorAccess
region = us-east-x

[profile pinnacle-dev]
credential_process = aws-sso -u open -S "pinnacle" process --arn arn:aws:iam::xxxxxxxxxxxx:role/AWSAdministratorAccess
region = us-east-x
...

Some of my tooling needs ~/.aws/credentials, so I wrote this script:

#!/usr/bin/env bash

# The files written below hold live credentials: create them owner-only.
umask 077

# Print one credentials-file section from the variables set by `aws-sso eval`.
aws-sso-creds() {
    printf "[%s]\n" "$AWS_SSO_PROFILE"
    printf "aws_access_key_id = %s\n" "$AWS_ACCESS_KEY_ID"
    printf "aws_secret_access_key = %s\n" "$AWS_SECRET_ACCESS_KEY"
    printf "aws_session_token = %s\n" "$AWS_SESSION_TOKEN"
}

# Start from an empty credentials file, then append one section per role.
rm -f ~/.aws/credentials
touch ~/.aws/credentials
aws-sso -S pinnacle eval --arn arn:aws:iam::xxxxxxxxxxxx:role/AWSAdministratorAccess > /tmp/.aws-sso-dev.sh
source /tmp/.aws-sso-dev.sh
aws-sso-creds >> ~/.aws/credentials
aws-sso -S pinnacle eval --arn arn:aws:iam::xxxxxxxxxxxx:role/AWSAdministratorAccess > /tmp/.aws-sso-data.sh
source /tmp/.aws-sso-data.sh
aws-sso-creds >> ~/.aws/credentials
aws-sso -S pinnacle eval --arn arn:aws:iam::xxxxxxxxxxxx:role/AWSAdministratorAccess > /tmp/.aws-sso-prod.sh
source /tmp/.aws-sso-prod.sh
aws-sso-creds >> ~/.aws/credentials

drmikecrowe Mar 26 '24 12:03
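
A variation on the script in the post above that builds the same credentials-file sections without staging the keys in /tmp or in the calling shell. This is an added example, not part of the original issue or of the aws-sso-cli project; the function names are hypothetical, and it assumes aws-sso eval prints export NAME="value" lines that include AWS_SSO_PROFILE, as the post's script relies on.

```shell
#!/usr/bin/env bash
# Added example, not from the issue or from aws-sso-cli. Function names are
# hypothetical. Assumes `aws-sso eval` prints export NAME="value" lines.
set -eu

# Turn the export lines from `aws-sso eval` ($1) into one credentials section.
# The body is a subshell: the keys never reach the calling shell and no temp
# file holds them. The text is executed, as with `source` in the issue's
# script, so pass only output that came straight from aws-sso.
creds_section() (
    set -eu
    # Drop inherited values so a stale key cannot end up in the file.
    unset AWS_SSO_PROFILE AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
    eval "$1"
    # With set -u, a value aws-sso did not provide aborts the subshell here.
    printf '[%s]\n' "$AWS_SSO_PROFILE"
    printf 'aws_access_key_id = %s\n' "$AWS_ACCESS_KEY_ID"
    printf 'aws_secret_access_key = %s\n' "$AWS_SECRET_ACCESS_KEY"
    printf 'aws_session_token = %s\n' "$AWS_SESSION_TOKEN"
)

# Write the sections ($2...) to file $1, owner-readable only, in one rename.
write_credentials() {
    local dest="$1" tmp
    shift
    tmp=$(mktemp "$dest.XXXXXX")   # mktemp creates 0600; same dir as dest
    printf '%s\n' "$@" > "$tmp"
    mv -f "$tmp" "$dest"
}

# refresh_credentials FILE SSO_NAME ROLE_ARN...
# Under set -e, any aws-sso failure stops the run before FILE is replaced.
refresh_credentials() {
    local dest="$1" sso="$2" arn out section all=""
    shift 2
    for arn in "$@"; do
        out=$(aws-sso -S "$sso" eval --arn "$arn")
        section=$(creds_section "$out")
        all="$all$section
"
    done
    write_credentials "$dest" "$all"
}
```

Called as refresh_credentials ~/.aws/credentials pinnacle followed by one role ARN per account, it leaves the previous file in place if any role cannot be fetched.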