Command-line utility and helper.
make docker-build
This creates a shell script at /usr/local/bin/sso
for running the script.
docker run sso sso wrapper install | sh
docker run sso sso wrapper install | sudo sh
Currently, the SSO client supports two runtime environments "dev" and "prod". By default, the client will retrieve "dev" credentials and not "prod". If you don't have multiple AWS SSO URLs, you can configure everything for the "dev" environment and be happy. In the future, the utility will be modified to read environments from configuration and not code.
~/.aws/config
[default]
region = us-west-2
[sso_dev]
startUrl = https://myssourl.awsapps.com/start#/
region = us-west-2
[sso_dev.aliases]
int = 12345_AWSAdministratorAccess
prod = 56789_AWSAdministratorAccess
dev = 34567_AWSAdministratorAccess
sso getcreds
The script will emit a URL for the user to go to in their browser. AWS SSO will handle any
authentication needed, and the sso
utility will then use oauth to access the AWS SSO API.
The sso
utility will create a profile in ~/.aws/credentials
with every account, role pair
available to the user. In addition, short aliases can be defined (see above). It is recommended
that a ~/.aws/config
profile entry be created with default regions for accounts, but is not
required.
- Jeff Bachtel - Initial work - github
See also the list of contributors who participated in this project.
All rights reserved.