search

common-fate / granted

The easiest way to access your cloud.
https://granted.dev
MIT License
964 stars 91 forks source link

Use AWS SDK to load sso-session sections enable multiple sso users #530

Closed JoshuaWilkes closed 8 months ago

JoshuaWilkes commented 8 months ago

What changed?

In order to support uses who login with multiple SSO users we needed to update our implementation of sso-session section support.

When it was first added, the AWS sdk did not yet have support for it, this has since been added so code related to loading those sections has been updated/removed in favour of the sdk.

Why?

How did you test it?

The following config is an example of how you can have 2 profiles that login to the same account with a different aws user by using an sso-session section for one of them.

You can also use an sso section for both your users and their config can be the same, they just need different names

make cli
dassume profile-1
dassume profile-2
[sso-session user-1]
sso_start_url  = https://example.awsapps.com/start
sso_region     = ap-southeast-2

[profile profile-1]
sso_session = user-1
sso_account_id = 12345678912
sso_role_name  = AWSAdministratorAccess
region                 = ap-southeast-2

[profile profile-2]
sso_start_url  = https://example.awsapps.com/start
sso_region     = ap-southeast-2
sso_account_id = 12345678912
sso_role_name  = AWSAdministratorAccess
region                 = ap-southeast-2

Potential risks

Is patch release candidate?

Link to relevant docs PRs