Support for AWS SSO credentials

aws / aws-sdk-java

The official AWS SDK for Java 1.x. The AWS SDK for Java 2.x is available here: https://github.com/aws/aws-sdk-java-v2/

https://aws.amazon.com/sdkforjava

Apache License 2.0

4.1k stars 2.83k forks source link

Support for AWS SSO credentials #2434

Open andyndang opened 3 years ago

andyndang commented 3 years ago

I'd like to use AWS SSO as the credentials for my program:

aws sso login

I can use SSO credentials in boto3

Describe the Feature

AWS SSO credentials to replace static AWS credentials

Is your Feature Request related to a problem?

I'm frustrated because I keep having to manually copy the credentials from SSO portal to my disk

Proposed Solution

Replicate the boto3 implementation?

Describe alternatives you've considered

N/A

Additional Context

N/A

Your Environment

AWS Java SDK version used: 1.11.880
JDK version used: 1.8
Operating System and version: MacOS X

debora-ito commented 3 years ago

@andyndang thank you for reaching out, feature request noted.

josephwofford commented 3 years ago

See https://github.com/aws/aws-cli/issues/4982 and https://github.com/aws/aws-sdk-java-v2/issues/1970.

I'm currently using https://github.com/victorskl/yawsso to work around the problem, but there are easily a half dozen other workarounds.

AWS Single Sign-On (SSO) is a really cool feature, but it's unfortunate that so few tools currently support it.

internetstaff commented 3 years ago

This is a big pain point for us. Migrating to v2 is non-trivial, so we're stuck with nasty work-arounds to use SSO.

debora-ito commented 3 years ago

@internetstaff thank you for reaching out, I understand that the task to migrate to v2 is not a trivial one. We'd like to add native support for SSO in v1 but currently the team efforts are focused in releasing features for SDK v2 and in closing the feature parity gap.

I'd like to point out that you can use v2 SSO Credential Provider with some modifications, even if your project uses mostly SDK v1. You can add the v2 sso dependency (showing here in a pom.xml file):

<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>sso</artifactId>
    <version>2.16.40</version>
</dependency>

and write an adapter to SsoCredentialsProvider for it to work in a v1 style credential provider. The adapter would look like the example shown here for a ProfileCredentialsProvider: https://github.com/aws/aws-sdk-java/issues/803#issuecomment-593530484

internetstaff commented 3 years ago

@debora-ito Thank you, that actually worked pretty well, even with Spring Cloud AWS. :)

andreacavagna01 commented 3 years ago

At least you can use Leapp to generate temporary credentials from aws SSO and then use this inside the sdk

https://github.com/Noovolari/leapp

francis-a commented 2 years ago

Is anyone able to provide an update on this? I'm just asking since the issue has been open for quite some time without much feedback. It would help us a lot of there was any kind of update so we could think about either upgrading to the v2 SDK or using the collection of workarounds in v1.

wojtekk commented 2 years ago

Hi, any update on this topic?

thallium205 commented 11 months ago

Hi - any updates on this topic?