aws-sso

command module
v1.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 9, 2024 License: MIT Imports: 1 Imported by: 0

README

aws-sso

aws-sso streamlines local AWS authentication in an idiomatic way, allowing additional configuration to automatically authenticate to EKS and ECR. This tool is intentionally small and narrowly scoped to attempt to make AWS authentication as easy and repeatable as possible.

Installing

Installation can be done with either homebrew or krew:

brew tap louislef299/aws-sso
brew install aws-sso
kubectl krew index add louislef299 https://github.com/louislef299/aws-sso.git
kubectl krew install louislef299/aws-sso

Quick Start

The first time you authenticate to aws-sso, you will need to have gathered the following information:

With that information, just run aws-sso login. Initial configuration will be triggered and will follow a similar workflow:

louislef299 ~ % aws-sso login
enter your full name(first last): Louis Lefebvre
enter your email: louislefebvre1999@gmail.com
please enter a prefix alias for this context(ex: env1): env1
2024/01/12 16:25:36 login.go:80: using token default
2024/01/12 16:25:36 account.go:105: couldn't find an account ID matching profile env1, using empty default...
enter your AWS access portal URL: https://your_subdomain.awsapps.com/start
2024/01/12 16:25:46 oidc.go:73: gathering client info
2024/01/12 16:25:46 oidc.go:81: registering client
2024/01/12 16:25:47 oidc.go:132: user validation code: 0000-0000
Successfully authorized!
✔ #1 aws-account-1 000000000000
2024/01/12 16:26:02 account.go:41: Selected account: aws-account-1 - 000000000000
2024/01/12 16:26:02 role.go:64: HINT: if you would like to reuse a specific iam profile, you can set core.defaultRole to your iam profile.
✔ #3 My-Role
2024/01/12 16:26:04 login.go:344: using aws role My-Role
2024/01/12 16:26:04 sts.go:138: saving data to /Users/louislef299/.aws/sso/cache/last-usage.json
If you would like to use these creds with the aws cli, please copy and paste the following command:
  export AWS_PROFILE=env1-aws-sso
2024/01/12 16:26:05 login.go:227: loading up new config env1-aws-sso

The above process will create a new named profile in your local AWS configuration file and cache an access token with last usage information.

Once you have logged in, you can run aws-sso whoami to validate a successful login. The authentication process can be streamlined further with configuration settings.

Contributing

Myself and this project are relatively young, so be patient. Feel free to open up Issues or Feature Requests, add documentation or tackle one of the Known Issues below. 🤗

Known Issues
  • Disable EKS default config

  • Delete old access tokens using token rm

  • On-board additional operating systems and browsers for private flag

  • Remove kube config context when logging out with -c

  • Allow for impersonation with kubeconfig

  • Allow assuming another rule with the existing credentials

  • SAML integration

  • Add account at login

  • Fails on files no found => Test needs to be added for getAWSConfigSections and possibly other cmd functions. This was the error:

    2024/01/25 15:24:14 login.go:83: using token default
    2024/01/25 15:24:14 login.go:199: using region us-east-1 to login
    2024/01/25 15:24:14 login.go:87: could not generate AWS config: open /Users/user/.aws/config: no such file or directory
    

Documentation

Overview

Copyright © 2023 Louis Lefebvre <louislefebvre1999@gmail.com>

Directories

Path Synopsis
internal
pkg

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL