benkehoe / aws-sso-util

Smooth out the rough edges of AWS SSO (temporarily, until AWS makes it better).
Apache License 2.0

Add sso-start-url information to profile name process input #118

Open eriweb opened 3 months ago

eriweb commented 3 months ago

I've got multiple AWS organizations and identity centers, and to make matters worse the same account names in them all.

Would it be possible to add information about the SSO URL to the profile name process? That way I could customize the naming and take the SSO URL into consideration.

iainelder commented 3 months ago

You can use the components option to customize the profile name format.

There is no dynamic component for instance-level attributes, but you can use a literal to name each instance.

I work with Identity Center instances for OrgA and OrgB.

OrgA and OrgB each have two accounts called Name1 and Name2. I can assume 1 role in each account.

Today I handle it by using a different command for each instance to populate the profiles.

aws-sso-util configure populate \
    --sso-start-url "..." \
    --sso-region "..." \
    --region "..." \
    --components "OrgA,account_name,account_id,role_name"

aws-sso-util configure populate \
    --sso-start-url "..." \
    --sso-region "..." \
    --region "..." \
    --components "OrgB,account_name,account_id,role_name"

That generates a list of profiles like this:

OrgA.Name1.111111111111.Role1
OrgA.Name2.222222222222.Role1
OrgB.Name1.333333333333.Role1
OrgB.Name2.444444444444.Role1

You can distinguish the two "Name1" accounts by the different prefixes "OrgA" and "OrgB".

I like to include the account ID in the profile name for extra clarity.

Such a long name may be awkward to type. To avoid that I run the aws configure list-profiles command, copy the profile I need from the output, and paste it where I need it.

benkehoe commented 1 month ago

Sorry for the very long delay (and it will be a while longer as I get spun back up on my projects). This is a good idea and I will add it. However, I believe you can accomplish this today by adding the start URL to the command you're giving to --profile-name-process, e.g.

aws-sso-util configure populate --sso-start-url $AWS_SSO_START_URL ... --profile-name-process "my_profile_process $AWS_SSO_START_URL"

Note to self: add a note to the docs that arguments may get added over time (but will never get reduced or rearranged), so process formatters should not rely on a specific number of total arguments, as in unpacking sys.argv[:7] rather than sys.argv
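An added example, not part of the thread and not the aws-sso-util project's own code: a sketch of what the `my_profile_process` command from the last comment could look like, producing the `OrgA.Name1.111111111111.Role1` style names shown earlier. It assumes aws-sso-util appends account name, account ID and role name, in that order, after the command's own arguments; the host names in `ORG_LABELS` are constructed placeholders.

```python
#!/usr/bin/env python3
"""Hypothetical my_profile_process: writes one profile name to stdout."""
import re
import sys
from urllib.parse import urlparse

# Constructed mapping from start-URL host to a short org label (placeholders).
ORG_LABELS = {
    "orga.awsapps.com": "OrgA",
    "orgb.awsapps.com": "OrgB",
}


def org_label(start_url):
    """Return the org prefix for a start URL, falling back to its first host label."""
    host = (urlparse(start_url).hostname or "").lower()
    if not host:
        raise ValueError(f"not a usable start URL: {start_url!r}")
    return ORG_LABELS.get(host, host.split(".")[0])


def build_profile_name(argv):
    """Build '<org>.<account_name>.<account_id>.<role_name>' from the argument list."""
    # argv[1] is the start URL we placed on the --profile-name-process command line.
    # argv[2:5] are assumed to be account name, account ID, role name (tool-appended).
    # Slice rather than unpack all of argv, so arguments added later do not break this.
    if len(argv) < 5:
        raise ValueError("expected: START_URL ACCOUNT_NAME ACCOUNT_ID ROLE_NAME [...]")
    start_url, account_name, account_id, role_name = argv[1:5]
    parts = [org_label(start_url), account_name, account_id, role_name]
    # Collapse anything outside [A-Za-z0-9_-] so the name stays easy to type and paste.
    return ".".join(re.sub(r"[^A-Za-z0-9_-]+", "-", part).strip("-") for part in parts)


def main(argv):
    try:
        print(build_profile_name(argv))
    except ValueError as exc:
        print(exc, file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Because the org prefix is derived from the start URL, two accounts that share a name in different Identity Center instances can never produce the same profile name.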