assetnote / ghostbuster

Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.
GNU Affero General Public License v3.0

Support AWS SSO and Organizations #3

Closed chrislockard closed 2 years ago

chrislockard commented 2 years ago

This tool would be amazing for my organization!

However, we leverage AWS SSO to manage access to our hundreds of accounts. It's therefore unfeasible to create specific IAM users and roles for each account.

Instead, it would be great if I could pass an SSO role and either a list of accounts or have the tool automatically query orgs to parse all accounts within our OUs to run in each.

Thanks for working on this (❤️ the name as well!)

infosec-au commented 2 years ago

Hi @chrislockard -

I use boto3 as the library to parse the AWS config file and attempt each profile.

As far as I know, SSO profiles can be configured in your AWS config / credentials file.

Can you give this tool a shot and paste a stack trace if one occurs?

I do not have any AWS accounts set up with SSO to test this, so it is hard for me to build this feature at the moment.

Thanks

benkehoe commented 2 years ago

Nothing I can see should prevent this tool from working with AWS SSO. If you wanted to ensure it, you could update requirements.txt to require boto3 >= 1.14.0, which was when AWS SSO support was added.
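As an added illustration (it is not ghostbuster's code and was not posted by anyone in this thread), the following Python shows the per-profile approach infosec-au describes and the `sso_*` config keys that boto3 reads for the SSO profiles benkehoe refers to, plus the Organizations-driven alternative chrislockard asked for. The config text and the Organizations responses are constructed for the example; `parse_profiles`, `session_for`, `attempt_all` and `active_account_ids` are hypothetical names, not ghostbuster's API.

```python
"""Enumerate AWS CLI profiles (static and AWS SSO) from a config file, build a
boto3 session per profile, and derive per-account role ARNs from
organizations:ListAccounts output. Added example, not ghostbuster's code."""
import configparser
from typing import Callable, Dict, List

# Constructed sample ~/.aws/config: one static-credential profile and two AWS
# SSO profiles. The four sso_* keys are what boto3 >= 1.14.0 uses to resolve
# credentials from the token cached by `aws sso login`.
SAMPLE_CONFIG = """
[default]
region = us-east-1

[profile prod-readonly]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-1
sso_account_id = 111111111111
sso_role_name = ReadOnly
region = us-east-1

[profile staging-readonly]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-1
sso_account_id = 222222222222
sso_role_name = ReadOnly
region = us-west-2
"""

SSO_KEYS = ("sso_start_url", "sso_region", "sso_account_id", "sso_role_name")


def parse_profiles(config_text: str) -> Dict[str, Dict[str, str]]:
    """Return {profile_name: settings}. The AWS CLI names sections as
    `[default]` for the default profile and `[profile NAME]` for the rest;
    other section kinds (e.g. `[sso-session NAME]`) are skipped."""
    cp = configparser.ConfigParser()
    cp.read_string(config_text)
    profiles: Dict[str, Dict[str, str]] = {}
    for section in cp.sections():
        if section == "default":
            name = "default"
        elif section.startswith("profile "):
            name = section[len("profile "):].strip()
        else:
            continue
        profiles[name] = dict(cp[section])
    return profiles


def is_sso_profile(settings: Dict[str, str]) -> bool:
    return all(key in settings for key in SSO_KEYS)


def sso_profiles(config_text: str) -> List[str]:
    """Names of the profiles that boto3 will resolve through AWS SSO."""
    return sorted(n for n, s in parse_profiles(config_text).items() if is_sso_profile(s))


def session_for(profile_name: str):
    """Build a boto3 Session for one profile. No API call happens here, so a
    missing or expired SSO login only surfaces once a client makes a request."""
    import boto3  # imported lazily so the parsing above works without boto3
    return boto3.Session(profile_name=profile_name)


def attempt_all(config_text: str, worker: Callable, session_factory: Callable = session_for) -> Dict[str, object]:
    """Run `worker(profile_name, session)` for every profile and collect the
    outcome per profile. Failures are recorded rather than raised: with
    hundreds of accounts, one expired SSO token should not abort the sweep."""
    results: Dict[str, object] = {}
    for name in parse_profiles(config_text):
        try:
            results[name] = worker(name, session_factory(name))
        except Exception as exc:  # e.g. botocore SSO token errors
            results[name] = f"error: {exc}"
    return results


def active_account_ids(list_accounts_pages: List[dict]) -> List[str]:
    """Collect ACTIVE account IDs from paginated organizations:ListAccounts
    responses (each page is {"Accounts": [...]}). SUSPENDED and
    PENDING_CLOSURE accounts are skipped; assuming a role into them fails."""
    return [
        acct["Id"]
        for page in list_accounts_pages
        for acct in page.get("Accounts", [])
        if acct.get("Status") == "ACTIVE"
    ]


def role_arns(account_ids: List[str], role_name: str) -> List[str]:
    """Role ARN to assume in each account, for the single-role,
    many-accounts model chrislockard describes."""
    return [f"arn:aws:iam::{acct}:role/{role_name}" for acct in account_ids]


if __name__ == "__main__":
    print(sso_profiles(SAMPLE_CONFIG))
    print(attempt_all(SAMPLE_CONFIG, lambda name, s: s.region_name))
```

Before running the real sweep, `aws sso login --profile NAME` has to have been run for each SSO profile (one login per start URL covers every profile that shares it); the `try`/`except` in `attempt_all` is what keeps a single stale token from stopping the rest of the accounts.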

infosec-au commented 2 years ago

Thanks for clarifying @benkehoe - I am closing this issue for now, if anyone has issues with using AWS SSO, please open a new issue.