AWS SSO LOGIN

Currently aws sso login is used to login to AWS OKTA and generate temporary credentials. But it does not support old .aws/credentials format which terraform still refers to as specified in bug AWS_issue_10851

This script aims to update .aws/credentials file with the temporary credentials generated on SSO login
Injects AWS environment variables into your shell by running below cmds -

*  export AWS_ACCESS_KEY_ID=123; export AWS_SECRET_ACCESS_KEY=123; export AWS_SESSION_TOKEN=123

Updates given profile (defaults to default profile)

*  If profile is already defined it replaces existing value of access_key_id, secret_access_ky, session_token
*  If profile does not exist it adds to file

Works with SSO session, as well as one time AWS access/secret keys

Prerequisites

AWS CLI 2

Setup

Add this folder to your path - export PATH=$PATH:aws_sso_login

Usage

aws login sso
eval $(inject_credentials.py) - this sets your shell up with AWS environment variables

Options

inject_credentials.py
- This injects credentials from ~/.aws/cli/cache into ~/.aws/credentials and sets env variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN
- This can be invoked as - inject_credentials.py [-h] [--profile PROFILE] [--aws-cred-file CREDENTIALS_FILE] [-v]
- --profile defaults to default
- --aws-cred-file defaults to ~/.aws/credentials
- -v for verbose debug loggin

All the arguments are optional

the script can also access arguments via environment variables as
- export AWS_CRED_FILE=""
The precedence of picking up arguments is
- cmd-line arguments
- environment variables
- default values (for profile, credentials file)

Recommendations

If using iTerm2,
- Create profile that runs shell cmd at startup - eval $(inject_credentials.py)
- When using multiple tabs, instead of running eval $(inject_credentials.py) for each tab, close iTerm2, and reopen it. This causes all tabs to reopen and also run the eval $(inject_credentials.py) script on startup

arvindkgs/aws_sso_login

AWS SSO LOGIN

This script aims to update .aws/credentials file with the temporary credentials generated on SSO login

Injects AWS environment variables into your shell by running below cmds -

Updates given profile (defaults to `default` profile)

Works with SSO session, as well as one time AWS access/secret keys

Prerequisites

Setup

Usage

Options

inject_credentials.py

All the arguments are optional

the script can also access arguments via environment variables as

The precedence of picking up arguments is

cmd-line arguments

environment variables

default values (for profile, credentials file)

Recommendations

arvindkgs/aws_sso_login

AWS SSO LOGIN

This script aims to update .aws/credentials file with the temporary credentials generated on SSO login

Injects AWS environment variables into your shell by running below cmds -

Updates given profile (defaults to default profile)

Works with SSO session, as well as one time AWS access/secret keys

Prerequisites

Setup

Usage

Options

inject_credentials.py

All the arguments are optional

the script can also access arguments via environment variables as

The precedence of picking up arguments is

cmd-line arguments

environment variables

default values (for profile, credentials file)

Recommendations

Updates given profile (defaults to `default` profile)