/yawsso

Yet Another AWS SSO - sync up AWS CLI v2 SSO login session to legacy CLI v1 credentials

Primary LanguagePythonMIT LicenseMIT

yawsso

Pull Request Build Status Build Status codecov.io Coverage Status Codacy Badge Language grade: Python Total alerts PyPI - Downloads PyPI PyPI - License

Yet Another AWS SSO - sync up AWS CLI v2 SSO login session to legacy CLI v1 credentials.

Prerequisite

  • Required Python >= 3.6
  • Required AWS CLI v2
  • Assume you have already setup AWS SSO for your organization

Main Use Case

pip install yawsso
  • Do your per normal SSO login and, have at least one active SSO session cache:
aws sso login --profile dev
  • To sync for all named profiles in config (i.e. lazy consensus), then just:
yawsso
  • To sync default profile and all named profiles, do:
yawsso --default
  • To sync default profile only, do:
yawsso --default-only
  • To sync for selected named profile, do:
yawsso -p dev
  • To sync for multiple selected named profiles, do:
yawsso -p dev prod
  • To sync for default profile as well as multiple selected named profiles, do:
yawsso --default -p dev prod
  • To sync for all named profiles start with prefix pattern lab*, do:
(zsh)
yawsso -p 'lab*'

(bash)
yawsso -p lab*
  • To sync for all named profiles start with lab* as well as dev and prod, do:
yawsso -p 'lab*' dev prod
  • Print help to see other options:
yawsso -h
  • Then, continue per normal with your daily tools. i.e.
    • cdk deploy ...
    • terraform ...
    • cw ls -p dev groups
    • awsbw -L -P dev

Additional Use Case

Export Tokens

  • Use -e flag if you want a temporary copy-paste-able time-gated access token for an instance or external machine.

🤚 PLEASE USE THIS FEATURE WITH CARE SINCE ENVIRONMENT VARIABLES USED ON SHARED SYSTEMS CAN GIVE UNAUTHORIZED ACCESS TO PRIVATE RESOURCES:

  • Please note that, it uses default profile if no additional arguments pass.
yawsso -e
export AWS_ACCESS_KEY_ID=xxx
export AWS_SECRET_ACCESS_KEY=xxx
export AWS_SESSION_TOKEN=xxx
  • This use case is especially tailored for those who use default profile and, who would like to PIPE commands as follows.
aws sso login && yawsso -e | pbcopy
  • Otherwise for a named profile, do:
yawsso -p dev -e
  • If you have pyperclip package installed, yawsso will copy access tokens to your clipboard instead.
yawsso -e
Credentials copied to your clipboard for profile 'default'
  • You may pip install pyperclip or, together with yawsso as follows.
pip install 'yawsso[all]'

Login

  • You can also use yawsso subcommand login to SSO login then sync all in one go.

🙋‍♂️ NOTE: It uses default profile if optional argument --profile is absent

yawsso login -h
yawsso login
  • Otherwise you can pass the login profile as follows:
yawsso login --profile dev
  • Due to lazy consensus design, yawsso will sync all named profiles once SSO login has succeeded. If you'd like to sync only upto this login profile then use --this flag to limit as follows.

👉 Login using default profile and sync only upto this default profile

yawsso login --this

👉 Login using named profile dev and sync only upto this dev profile

yawsso login --profile dev --this

Login then Export token

  • Exporting access token also support with login subcommand as follows:

👉 Login using default profile, sync only upto this default profile and, print access token

yawsso login -e

👉 Login using named profile dev, sync only upto this dev profile and, print access token

yawsso login --profile dev -e

Develop

  • Create virtual environment, activate it and then:
make install
make test
python -m yawsso --trace version
  • Create issue or pull request welcome

License

MIT License

License: MIT