Skip to main content

Yet Another AWS SSO - sync up AWS CLI v2 SSO login session to legacy CLI v1 credentials

Project description

yawsso

Pull Request Build Status Build Status codecov.io Coverage Status Codacy Badge Language grade: Python Total alerts PyPI - Downloads PyPI PyPI - License

Yet Another AWS SSO - sync up AWS CLI v2 SSO login session to legacy CLI v1 credentials.

Prerequisite

  • Required Python >= 3.6
  • Required AWS CLI v2
  • Assume you have already setup AWS SSO for your organization

Main Use Case

pip install yawsso
  • Do your per normal SSO login and, have at least one active SSO session cache:
aws sso login --profile dev
  • To sync for all named profiles in config (i.e. lazy consensus), then just:
yawsso
  • To sync default profile and all named profiles, do:
yawsso --default
  • To sync default profile only, do:
yawsso --default-only
  • To sync for selected named profile, do:
yawsso -p dev
  • To sync for multiple selected named profiles, do:
yawsso -p dev prod
  • To sync for default profile as well as multiple selected named profiles, do:
yawsso --default -p dev prod
  • To sync for all named profiles start with prefix pattern lab*, do:
(zsh)
yawsso -p 'lab*'

(bash)
yawsso -p lab*
  • To sync for all named profiles start with lab* as well as dev and prod, do:
yawsso -p 'lab*' dev prod
  • Print help to see other options:
yawsso -h
  • Then, continue per normal with your daily tools. i.e.
    • cdk deploy ...
    • terraform apply ...
    • cw ls -p dev groups
    • awsbw -L -P dev
    • sqsmover -s main-dlq -d main-queue
    • ecs-cli ps --cluster my-cluster

Additional Use Case

Rename Profile on Sync

  • Say, you have the following profile in your $HOME/.aws/config:
[profile dev]
sso_start_url = https://myorg.awsapps.com/start
sso_region = ap-southeast-2
sso_account_id = 123456789012
sso_role_name = AdministratorAccess
region = ap-southeast-2
output = json
cli_pager =
  • You want to populate access token as, say, profile name foo in $HOME/.aws/credentials:
[foo]
region = ap-southeast-2
aws_access_key_id = XXX
aws_secret_access_key = XXX
aws_session_token = XXX
...
  • Do like so:
yawsso -p dev:foo
  • Then, you can export AWS_PROFILE=foo and use foo profile!

Export Tokens

  • Use -e flag if you want a temporary copy-paste-able time-gated access token for an instance or external machine.

🤚 PLEASE USE THIS FEATURE WITH CARE SINCE ENVIRONMENT VARIABLES USED ON SHARED SYSTEMS CAN GIVE UNAUTHORIZED ACCESS TO PRIVATE RESOURCES:

  • Please note that, it uses default profile if no additional arguments pass.
yawsso -e
export AWS_ACCESS_KEY_ID=xxx
export AWS_SECRET_ACCESS_KEY=xxx
export AWS_SESSION_TOKEN=xxx
  • This use case is especially tailored for those who use default profile and, who would like to PIPE commands as follows.
aws sso login && yawsso -e | pbcopy
  • Otherwise, for a named profile, do:
yawsso -p dev -e
  • Or, right away export credentials into the current shell environment variables, do:
yawsso -p dev -e | source /dev/stdin 

Note: ☝️ are mutually exclusive with the following 👇 auto copy into your clipboard. Choose one, a must!

  • If you have pyperclip package installed, yawsso will copy access tokens to your clipboard instead.
yawsso -e
Credentials copied to your clipboard for profile 'default'
  • You may pip install pyperclip or, together with yawsso as follows.
pip install 'yawsso[all]'

Login

  • You can also use yawsso subcommand login to SSO login then sync all in one go.

🙋‍♂️ NOTE: It uses default profile if optional argument --profile is absent

yawsso login -h
yawsso login
  • Otherwise you can pass the login profile as follows:
yawsso login --profile dev
  • Due to lazy consensus design, yawsso will sync all named profiles once SSO login has succeeded. If you'd like to sync only upto this login profile then use --this flag to limit as follows.

👉 Login using default profile and sync only upto this default profile

yawsso login --this

👉 Login using named profile dev and sync only upto this dev profile

yawsso login --profile dev --this

👉 Login using named profile dev and sync as foo. See above for more details on renaming, limited to one profile.

yawsso login --profile dev:foo

Login then Export token

  • Exporting access token also support with login subcommand as follows:

👉 Login using default profile, sync only upto this default profile and, print access token

yawsso login -e

👉 Login using named profile dev, sync only upto this dev profile and, print access token

yawsso login --profile dev -e

Develop

  • Create virtual environment, activate it and then:
make install
make test
python -m yawsso --trace version
  • Create issue or pull request welcome

License

MIT License

License: MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

yawsso-0.7.2.tar.gz (13.3 kB view details)

Uploaded Source

Built Distribution

yawsso-0.7.2-py3-none-any.whl (11.5 kB view details)

Uploaded Python 3

File details

Details for the file yawsso-0.7.2.tar.gz.

File metadata

  • Download URL: yawsso-0.7.2.tar.gz
  • Upload date:
  • Size: 13.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.6.1 requests/2.25.1 setuptools/51.1.1 requests-toolbelt/0.9.1 tqdm/4.55.0 CPython/3.9.6

File hashes

Hashes for yawsso-0.7.2.tar.gz
Algorithm Hash digest
SHA256 51d27c89957bfd9d13154797bfd445646e54ffe5fc1edc69b92ce750423385ce
MD5 cc6badf5b7696da72c2c6b67cb3d7184
BLAKE2b-256 f2146df79fb8649e909ce6f66edd47bf529ace1233cf155acb36ecb195b2c37e

See more details on using hashes here.

File details

Details for the file yawsso-0.7.2-py3-none-any.whl.

File metadata

  • Download URL: yawsso-0.7.2-py3-none-any.whl
  • Upload date:
  • Size: 11.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.6.1 requests/2.25.1 setuptools/51.1.1 requests-toolbelt/0.9.1 tqdm/4.55.0 CPython/3.9.6

File hashes

Hashes for yawsso-0.7.2-py3-none-any.whl
Algorithm Hash digest
SHA256 f3c51d37e4615020c7809057ae9540c70d4b94a08806795385493f88ae2b7a8f
MD5 eb50e3568ae4d3a35e1b0b7078159ae1
BLAKE2b-256 2f912c655a38813dd084a6adfe9b88a2cd9a2b08cd6e5e3f595800ba770429db

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page