manage a `aws-sso` profile in `~/.aws/config` #157

synfinatic · 2021-11-22T16:57:51Z

The idea here is that rather than setting a bunch of variables in the environment, it may just be easier to manage named profiles in the aws config files. per the docs we can even pass in the AWS_SESSION_TOKEN in the config file and of course the region as well. Seems very similar to #15.

You could then even run aws-sso as a daemon and it can auto-refresh credentials before they expire.

AWS even has support for doing this via external processes: https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes (Fixed in #158)

Depends on #212

The text was updated successfully, but these errors were encountered:

* Local cache was not saving during auto-refresh causing future runs to not use the cache and slowing execution after 24hrs. * Add support for AWS `credential_process` output in ~/.aws/config files Refs #157

synfinatic · 2021-11-25T00:41:29Z

So the question is basically, should the user have:

One profile for all AWS SSO Roles (means you can't have different roles in different terminal sessions)
Multiple profiles and some how map a role to a profile
1:1 mapping of profiles and roles

Only the 3rd option seems useful? Basically turns into a question can we edit the ~/.aws/config file and add/delete profiles when the role becomes (un)available?

As of AWS CLI v2, it honors AWS_CONFIG_FILE=/path/to/config_file so that's an option too?

synfinatic · 2021-12-26T17:40:09Z

what about just using a template marker like terraform-docs does? aka:

<!-- BEGIN_TF_DOCS -->
{{ .Content }}
<!-- END_TF_DOCS -->

and generate a series of entries like:

[profile <name>]
credential_process = /usr/local/bin/aws-sso process --sso <name> --arn <arn>

then users can just use the typical AWS_PROFILE environment variable for AWS SSO just like more traditional static API keys. This becomes a really consistent user experience.

synfinatic · 2022-01-02T18:22:54Z

also should support output=json or other output values

* Roles now support specifying a custom `Profile` value which is used as `AWS_SSO_PROFILE` and for the profile name in ~/.aws/config * Add support for the `config` command which generates the necessary profile entries in ~/.aws/config * Add StringReplace function for ProfileFormat Refs: #157, #212

* Roles now support specifying a custom `Profile` value which is used as `AWS_SSO_PROFILE` and for the profile name in ~/.aws/config * Add support for the `config` command which generates the necessary profile entries in ~/.aws/config * Add StringReplace function for ProfileFormat * Refactor *AWSRoleFlat & *Roles into cache_roles.go * Add a bunch of unit tests Refs: #157, #212

Refs: #157

* Fix diffing across multiple runs * Consistent ordering based on SSO instance & ARN * Now updates the config file Refs: #157

* `eval` now supports `--url-action=print` because we now print to STDERR * Clarify that `process` does _NOT_ support print, because the AWS tooling eats STDERR. * `config` now takes an `--open` flag for overriding `UrlAction` in the config file with the `--url-action` flag on the CLI. Refs: #157

synfinatic added the enhancement New feature or request label Nov 22, 2021

synfinatic mentioned this issue Nov 23, 2021

Fix caching and add process command #158

Merged

synfinatic modified the milestones: 1.6.1, 1.7 Dec 26, 2021

synfinatic added the priority:high High Priority Items label Jan 2, 2022

synfinatic mentioned this issue Jan 3, 2022

Add config support and Profile to Roles #225

Merged

synfinatic added a commit that referenced this issue Jan 4, 2022

Generate diff for ~/.aws/config

88c5f8e

Refs: #157

synfinatic mentioned this issue Jan 4, 2022

Generate diff for ~/.aws/config #228

Merged

synfinatic added a commit that referenced this issue Jan 4, 2022

Generate diff for ~/.aws/config

698ea50

Refs: #157

synfinatic added a commit that referenced this issue Jan 5, 2022

improve config diff and write file

edb9948

* Fix diffing across multiple runs * Consistent ordering based on SSO instance & ARN * Now updates the config file Refs: #157

synfinatic mentioned this issue Jan 5, 2022

improve config diff and write file #230

Merged

synfinatic added a commit that referenced this issue Jan 5, 2022

improve config diff and write file

4618745

* Fix diffing across multiple runs * Consistent ordering based on SSO instance & ARN * Now updates the config file Refs: #157

synfinatic added a commit that referenced this issue Jan 5, 2022

improve config diff and write file

e3561e4

* Fix diffing across multiple runs * Consistent ordering based on SSO instance & ARN * Now updates the config file Refs: #157

synfinatic closed this as completed Jan 5, 2022

synfinatic mentioned this issue Jan 5, 2022

Improve how we open URLs with eval and process/config #232

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

manage a `aws-sso` profile in `~/.aws/config` #157

manage a `aws-sso` profile in `~/.aws/config` #157

synfinatic commented Nov 22, 2021 •

edited

Loading

synfinatic commented Nov 25, 2021

synfinatic commented Dec 26, 2021 •

edited

Loading

synfinatic commented Jan 2, 2022

manage a aws-sso profile in ~/.aws/config #157

manage a aws-sso profile in ~/.aws/config #157

Comments

synfinatic commented Nov 22, 2021 • edited Loading

synfinatic commented Nov 25, 2021

synfinatic commented Dec 26, 2021 • edited Loading

synfinatic commented Jan 2, 2022

manage a `aws-sso` profile in `~/.aws/config` #157

manage a `aws-sso` profile in `~/.aws/config` #157

synfinatic commented Nov 22, 2021 •

edited

Loading

synfinatic commented Dec 26, 2021 •

edited

Loading