benkehoe / aws-sso-util

Smooth out the rough edges of AWS SSO (temporarily, until AWS makes it better).
Apache License 2.0
951 stars, 72 forks

Allow SSO defaults to be set in ~/.aws/config #8

Open benkehoe opened 3 years ago

benkehoe commented 3 years ago

Instead of only using environment variables, users should be able to use special sections in their ~/.aws/config files, something like:

[sso default]
sso_start_url = https://d-2e69cb2b10.awsapps.com/start
sso_region = us-east-2
sso_instance = arn:aws:sso:::instance/ssoins-30213ab2f09c7da5
identity_store = d-2e69cb2b10

I've opened a related request against the AWS CLI: https://github.com/aws/aws-cli/issues/5727

ulrikandersen commented 1 year ago

Any update on this @benkehoe? I can see that https://github.com/aws/aws-cli/issues/5727 was closed with a merge.

I would like to be able to easily switch between different SSO instances without having to re-set AWS_DEFAULT_SSO_START_URL and AWS_DEFAULT_SSO_REGION.

Use case: I have several SSO instances and I wish I could easily switch SSO when using aws-sso-util roles. Currently I need to set AWS_DEFAULT_SSO_REGION and AWS_DEFAULT_SSO_REGION every time. Unless I have missed something in the docs.

Edit: Studying the documentation a bit more thoroughly I see that aws-sso-util roles automatically detects that I have multiple SSO instances and asks me to select which one using the -u flag. This is actually exactly what I was looking for. Feel free to ignore this comment @benkehoe 🙂

Options:
  -u, --sso-start-url URL         Your Identity Center start URL

benkehoe commented 1 year ago

I have a branch where I am working on support for config sessions, which is a generalization of this, and it will also have both command line flag and env var support

benkehoe commented 1 year ago

Note also that you don't need the full start URL with -u; it gets matched as a regex. So if you have https://foo.awsapps.com/start and https://bar.awsapps.com/start as start URLs in your config, -u foo is sufficient to select the first one.
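
An added sketch of the matching behaviour described in the comment above, not aws-sso-util's own code: it assumes an unanchored `re.search` over the distinct `sso_start_url` values found in the config, and it rejects a pattern that matches no instance or more than one. The sample config and the function names `sso_instances` and `select_instance` are constructed for illustration.

```python
import configparser
import re

# Constructed sample config; the two start URLs are the ones from the comment above.
SAMPLE_CONFIG = """
[profile dev]
sso_start_url = https://foo.awsapps.com/start
sso_region = us-east-2

[profile dev-admin]
sso_start_url = https://foo.awsapps.com/start
sso_region = us-east-2

[profile prod]
sso_start_url = https://bar.awsapps.com/start
sso_region = us-east-1
"""


def sso_instances(config_text):
    """Return the distinct (start_url, region) pairs found across all sections."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    found = []
    for section in parser.sections():
        url = parser[section].get("sso_start_url")
        region = parser[section].get("sso_region")
        if url and (url, region) not in found:
            found.append((url, region))
    return found


def select_instance(instances, pattern):
    """Pick the single instance whose start URL matches `pattern`.

    Assumption: the pattern is applied as an unanchored regex search, so a
    short fragment such as "foo" is enough. Anything that matches zero or
    several start URLs is refused instead of silently picking one.
    """
    regex = re.compile(pattern)
    matches = [inst for inst in instances if regex.search(inst[0])]
    if len(matches) != 1:
        urls = ", ".join(url for url, _ in matches) or "none"
        raise ValueError(f"{pattern!r} matched {len(matches)} start URLs: {urls}")
    return matches[0]
```

Because the search is unanchored, a fragment shared by several start URLs (here `awsapps`) is ambiguous; refusing it avoids logging in to an unintended Identity Center instance.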

ulrikandersen commented 1 year ago

> I have a branch where I am working on support for config sessions, which is a generalization of this, and it will also have both command line flag and env var support

@benkehoe Can I help with this? It will be really useful to be able to run aws-sso-util configure populate with an SSO config session.

benkehoe commented 1 year ago

@ulrikandersen I'm not going to have time to deal with code changes until probably some time next month. And the code changes I have are first around supporting sessions in aws-sso-util outside of configure (e.g., aws-sso-util login --sso-session my-session).

For aws-sso-util configure populate, what would be helpful is working through what the CLI interface should be, because it probably gets a little complicated. For example, should it create/modify the session in the populate command, or should that be separate (e.g., a new aws-sso-util configure session)? If you want to open a new issue with some thoughts, we could discuss that topic.