Support for AWS SSO

[adampie]

Hey, I've recently moved from AWS CLI v1 credentials file to the v2 SSO config file and found that Dynobase doesn't support those new profiles yet. Would be great to have native SSO support but if it's not on the roadmap then I have a workaround for now.

Here is an example config file that aws configure sso creates:

❯ cat ~/.aws/config
[profile Development]
sso_start_url = https://SSO_URL.awsapps.com/start
sso_region = eu-west-1
sso_account_id = 1111111111111
sso_role_name = PowerUserAccess
region = eu-west-1
output = json

[profile Production]
sso_start_url = https://SSO_URL.awsapps.com/start
sso_region = eu-west-1
sso_account_id = 1111111111111
sso_role_name = PowerUserAccess
region = eu-west-1
output = json

---

I have found a workaround using yawsso (from aws/aws-cli#4982), it converts the v2 config into the v1 credentials file:

pip3 install yawsso
touch ~/.aws/credentials
export AWS_PROFILE=Development
aws sso login
yawsso

This creates the standard credentials file which Dynobase works with.

❯ cat ~/.aws/credentials
[Development]
region = eu-west-1
aws_access_key_id =
aws_secret_access_key = 
aws_session_token =
aws_session_expiration =

[Production]
region = eu-west-1
aws_access_key_id =
aws_secret_access_key  =
aws_session_token =
aws_session_expiration =

Ta,
Adam

[jufemaiz]

ugh really? :(

[jufemaiz]

@adampie was this resolved?

[adampie]

@jufemaiz Seems like it, it opens the SSO login page.

[RafalWilinski]

Yep, Dynobase supports SSO out of the box. Just make sure that your AWS profile follows this convention:

[profile my-sso-profile]
sso_start_url = https://your-company-sso-sso.awsapps.com/start
sso_region = us-east-1
sso_account_id = xxx
sso_role_name = admin
region = us-east-1
credential_process = aws-sso-credential-process --profile my-sso-profile