Yet Another AWS SSO - sync up AWS CLI v2 SSO login session to legacy CLI v1 credentials.
- Required
Python >= 3.6
- Required AWS CLI v2
- Assume you have already setup AWS SSO for your organization
- Install latest from PyPI like so:
pip install yawsso
- Do your per normal SSO login and, have at least one active SSO session cache:
aws sso login --profile dev
- To sync for all named profiles in config (i.e. lazy consensus), then just:
yawsso
- To sync default profile and all named profiles, do:
yawsso --default
- To sync default profile only, do:
yawsso --default-only
- To sync for selected named profile, do:
yawsso -p dev
- To sync for multiple selected named profiles, do:
yawsso -p dev prod
- To sync for default profile as well as multiple selected named profiles, do:
yawsso --default -p dev prod
- To sync for all named profiles start with prefix pattern
lab*
, do:
(zsh)
yawsso -p 'lab*'
(bash)
yawsso -p lab*
- To sync for all named profiles start with
lab*
as well asdev
andprod
, do:
yawsso -p 'lab*' dev prod
- Print help to see other options:
yawsso -h
- Then, continue per normal with your daily tools. i.e.
cdk deploy ...
terraform ...
cw ls -p dev groups
awsbw -L -P dev
- Use
-e
flag if you want a temporary copy-paste-able time-gated access token for an instance or external machine.
🤚 PLEASE USE THIS FEATURE WITH CARE SINCE ENVIRONMENT VARIABLES USED ON SHARED SYSTEMS CAN GIVE UNAUTHORIZED ACCESS TO PRIVATE RESOURCES:
- Please note that, it uses
default
profile if no additional arguments pass.
yawsso -e
export AWS_ACCESS_KEY_ID=xxx
export AWS_SECRET_ACCESS_KEY=xxx
export AWS_SESSION_TOKEN=xxx
- This use case is especially tailored for those who use
default
profile and, who would like to PIPE commands as follows.
aws sso login && yawsso -e | pbcopy
- Otherwise for a named profile, do:
yawsso -p dev -e
- If you have
pyperclip
package installed,yawsso
will copy access tokens to your clipboard instead.
yawsso -e
Credentials copied to your clipboard for profile 'default'
- You may
pip install pyperclip
or, together withyawsso
as follows.
pip install 'yawsso[all]'
- You can also use
yawsso
subcommandlogin
to SSO login then sync all in one go.
🙋♂️ NOTE: It uses
default
profile if optional argument--profile
is absent
yawsso login -h
yawsso login
- Otherwise you can pass the login profile as follows:
yawsso login --profile dev
- Due to lazy consensus design,
yawsso
will sync all named profiles once SSO login has succeeded. If you'd like to sync only upto this login profile then use--this
flag to limit as follows.
👉 Login using default profile and sync only upto this default profile
yawsso login --this
👉 Login using named profile dev and sync only upto this dev profile
yawsso login --profile dev --this
- Exporting access token also support with login subcommand as follows:
👉 Login using default profile, sync only upto this default profile and, print access token
yawsso login -e
👉 Login using named profile dev, sync only upto this dev profile and, print access token
yawsso login --profile dev -e
- Create virtual environment, activate it and then:
make install
make test
python -m yawsso --trace version
- Create issue or pull request welcome
MIT License