Build AWS CLI config profiles for SSO accounts and roles
Project description
AWS SSO Config Builder
Table of Contents
The Gist
This tool generates AWS CLI configuration blocks for use with AWS IAM Identity Center (formerly AWS SSO):
Why
...would someone use this?
If they:
- Have access to a large or shifting set of accounts and roles through AWS SSO
- Don't already have tools in place to generate and maintain their named profiles
- Want to automatically generate/regenerate templatized blocks without interfering with manually-defined sections
...did I publish this?
- After https://github.com/99designs/aws-vault/pull/1088 got merged, I wanted to update the script I use to update my AWS CLI config
- Cog wasn't on my radar when I started doing this stuff, but is just what I want to maintain the cleaner bits of my frankenconfig
- I wanted an excuse to try Hatch on something
...the focus on aws-vault?
From the user experience perspective, the biggest win is that when using my aws-vault profiles, they just work:
- If I don't have an active SSO session, it pops open a browser to login without me having to manually type
aws sso login
- If my session credentials are missing or expired, aws-vault refreshes them behind the scenes without killing running commands
But to be fair, a lot of wy I use aws-vault is habit. If you're not already using it, I'm not here to sell it to you.
Installation
Into the Active Python Environment
pip install aws-sso-config-builder
With Pipx
pipx install aws-sso-config-builder
With Pipx Alongside Cog
Useful to support Usage with Cog.
pipx install cogapp
pipx inject cogapp aws-sso-config-builder
Usage
Generate AWS CLI sso-session
and profile
blocks based on the accounts
and roles granted by your AWS SSO login(s).
Use as a CLI tool or from Python.
CLI
Quickstart with Defaults
generate-sso-profiles -s my-sso-directory-name
This will generate sso-session
and profile
blocks
More Options
Usage: generate-sso-profiles [OPTIONS]
Options:
-s, --sso-directories TEXT SSO directory names, which will be used:
- To define "sso-session" config blocks
- To build an SSO start URL [required]
-t, --profile-template TEXT An AWS CLI profile block template with
{placeholders} for profile values
Supported placeholder variables:
- profile_name
- account_name
- account_id
- role_name
- sso_session
...and any other "key" provided in --extra-
vars
-e, --extra-vars TEXT Custom variables in the form "key=value" that
can be referenced with {placeholders} in a
profile template.
-r, --regex-replacements TEXT Regex replacements to perform on generated
profile names, in the form
'pattern,replacement'
--help Show this message and exit.
Python
Quickstart with Defaults
from aws_sso_config_builder.gen_config import generate_config_blocks
print(generate_config_blocks(sso_directories=["my-sso-directory-name"]))
Usage with Cog
Use Cog to dynamically generate or replace specific sections inside an ~/.aws/config
file without touching manually-maintained blocks.
This invocation specifies:
- A custom profile template, including:
credential_process
profiles for use with aws-vault- additional settings defined for each profile
- Some regex replacements to adjust the generated profile name
Add this Cog block to a new or existing ~/.aws/config
file:
# [[[cog
# import cog
# from aws_sso_config_builder.gen_config import generate_config_blocks
#
# cog.outl(generate_config_blocks(
# sso_directories=["home", "work"],
# profile_template="""
# [profile {profile_name}-sso]
# sso_session = {sso_session}
# sso_account_id = {account_id}
# sso_role_name = {role_name}
# output = json
# region = us-east-2
# cli_history = enabled
#
# [profile {profile_name}]
# credential_process = {aws_vault_path} exec --json {profile_name}-sso
# output = json
# region = us-east-2
# cli_history = enabled
# """,
# regex_replacements={
# "speckledmonkey": "sm",
# "^Customer": "cust",
# "Sandbox-": "sbx-"
# },
# aws_vault_path="/home/aj/go/bin/aws-vault",
# ))
# ]]]
# [[[end]]]
And then run:
cog -r ~/.aws/config
Note that this depends on having Cog and aws-sso-config-builder installed in the same Python environment. See also Installation with Pipx Alongside Cog above.
License
aws-sso-config-builder
is distributed under the terms of the MIT license.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file aws_sso_config_builder-0.0.1.tar.gz
.
File metadata
- Download URL: aws_sso_config_builder-0.0.1.tar.gz
- Upload date:
- Size: 8.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: python-httpx/0.23.3
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 72826812777375c10af321fee56b5c4b37051899b3ec2462af063498d6fd8607 |
|
MD5 | 7516188fb94a682b098c88e9d202b463 |
|
BLAKE2b-256 | 5b243401fcf3795fc5d3f5c2689d42175c8ecdcb8a1470744464d4e772da9633 |
File details
Details for the file aws_sso_config_builder-0.0.1-py3-none-any.whl
.
File metadata
- Download URL: aws_sso_config_builder-0.0.1-py3-none-any.whl
- Upload date:
- Size: 8.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: python-httpx/0.23.3
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | c23f6eaf735f65b1af4aad96fbf05ab8493f209b1d13fbfc708ff82c4a347f7c |
|
MD5 | aeed9c8cd0aeb31ccda5fe6f07b3a07e |
|
BLAKE2b-256 | 70c24d495a46a549a7b2eafe08946b5909c60665c67f688e6baf32592fdec74f |