Yet Another AWS SSO - sync up AWS CLI v2 SSO login session to legacy CLI v1 credentials
Project description
yawsso
Yet Another AWS SSO - sync up AWS CLI v2 SSO login session to legacy CLI v1 credentials.
Prerequisite
- Required
Python >= 3.6 - Required AWS CLI v2
- Assume you have already setup AWS SSO for your organization
Main Use Case
- Install latest from PyPI like so:
pip install yawsso
- Do your per normal SSO login and, have at least one active SSO session cache:
aws sso login --profile dev
- To sync for all named profiles in config (i.e. lazy consensus), then just:
yawsso
- To sync default profile and all named profiles, do:
yawsso --default
- To sync default profile only, do:
yawsso --default-only
- To sync for selected named profile, do:
yawsso -p dev
- To sync for multiple selected named profiles, do:
yawsso -p dev prod
- To sync for default profile as well as multiple selected named profiles, do:
yawsso --default -p dev prod
- To sync for all named profiles start with prefix pattern
lab*, do:
(zsh)
yawsso -p 'lab*'
(bash)
yawsso -p lab*
- To sync for all named profiles start with
lab*as well asdevandprod, do:
yawsso -p 'lab*' dev prod
- Print help to see other options:
yawsso -h
- Then, continue per normal with your daily tools. i.e.
cdk deploy ...terraform apply ...cw ls -p dev groupsawsbw -L -P devsqsmover -s main-dlq -d main-queueecs-cli ps --cluster my-cluster
Additional Use Case
Rename Profile on Sync
- Say, you have the following profile in your
$HOME/.aws/config:
[profile dev]
sso_start_url = https://myorg.awsapps.com/start
sso_region = ap-southeast-2
sso_account_id = 123456789012
sso_role_name = AdministratorAccess
region = ap-southeast-2
output = json
cli_pager =
- You want to populate access token as, say, profile name
fooin$HOME/.aws/credentials:
[foo]
region = ap-southeast-2
aws_access_key_id = XXX
aws_secret_access_key = XXX
aws_session_token = XXX
...
- Do like so:
yawsso -p dev:foo
- Then, you can
export AWS_PROFILE=fooand usefooprofile!
Export Tokens
- Use
-eflag if you want a temporary copy-paste-able time-gated access token for an instance or external machine.
🤚 PLEASE USE THIS FEATURE WITH CARE SINCE ENVIRONMENT VARIABLES USED ON SHARED SYSTEMS CAN GIVE UNAUTHORIZED ACCESS TO PRIVATE RESOURCES:
- Please note that, it uses
defaultprofile if no additional arguments pass.
yawsso -e
export AWS_ACCESS_KEY_ID=xxx
export AWS_SECRET_ACCESS_KEY=xxx
export AWS_SESSION_TOKEN=xxx
- This use case is especially tailored for those who use
defaultprofile and, who would like to PIPE commands as follows.
aws sso login && yawsso -e | pbcopy
- Otherwise, for a named profile, do:
yawsso -p dev -e
- Or, right away export credentials into the current shell environment variables, do:
yawsso -p dev -e | source /dev/stdin
Note: ☝️ are mutually exclusive with the following 👇 auto copy into your clipboard. Choose one, a must!
- If you have
pyperclippackage installed,yawssowill copy access tokens to your clipboard instead.
yawsso -e
Credentials copied to your clipboard for profile 'default'
- You may
pip install pyperclipor, together withyawssoas follows.
pip install 'yawsso[all]'
Login
- You can also use
yawssosubcommandloginto SSO login then sync all in one go.
🙋♂️ NOTE: It uses
defaultprofile if optional argument--profileis absent
yawsso login -h
yawsso login
- Otherwise you can pass the login profile as follows:
yawsso login --profile dev
- Due to lazy consensus design,
yawssowill sync all named profiles once SSO login has succeeded. If you'd like to sync only upto this login profile then use--thisflag to limit as follows.
👉 Login using default profile and sync only upto this default profile
yawsso login --this
👉 Login using named profile dev and sync only upto this dev profile
yawsso login --profile dev --this
Login then Export token
- Exporting access token also support with login subcommand as follows:
👉 Login using default profile, sync only upto this default profile and, print access token
yawsso login -e
👉 Login using named profile dev, sync only upto this dev profile and, print access token
yawsso login --profile dev -e
Develop
- Create virtual environment, activate it and then:
make install
make test
python -m yawsso --trace version
- Create issue or pull request welcome
License
MIT License
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
yawsso-0.7.0.tar.gz
(13.2 kB
view details)
Built Distribution
yawsso-0.7.0-py3-none-any.whl
(11.4 kB
view details)
File details
Details for the file yawsso-0.7.0.tar.gz.
File metadata
- Download URL: yawsso-0.7.0.tar.gz
- Upload date:
- Size: 13.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.6.1 requests/2.25.1 setuptools/51.1.1 requests-toolbelt/0.9.1 tqdm/4.55.0 CPython/3.9.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 9a539ef9a4fe83a9ff6665eae100d8848dafb461a467c097b56d91367dfda316 |
|
| MD5 | c3d8d7a61db59e794328f8626c482773 |
|
| BLAKE2b-256 | ba12af6c8b02e2b0b491a6ee3c84dc7c9b0b30f2cb0608e6c8a2e817f6954b80 |
File details
Details for the file yawsso-0.7.0-py3-none-any.whl.
File metadata
- Download URL: yawsso-0.7.0-py3-none-any.whl
- Upload date:
- Size: 11.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.6.1 requests/2.25.1 setuptools/51.1.1 requests-toolbelt/0.9.1 tqdm/4.55.0 CPython/3.9.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | f3eabad46702afdc2a95a50353c4f9dabc61530c9caf008b7b9f3c7851383ed2 |
|
| MD5 | 35c55403fe227886f9c2d99b82df8fc1 |
|
| BLAKE2b-256 | 207b12410f374a24cd015ce3fd3921c42e4b9535f19af4ac7374485a0c7b4b00 |
