search

jaxxstorm / aws-sso-creds

Get AWS SSO temporary creds from an SSO profile
MIT License
187 stars 24 forks source link

Add support for sso-session section in AWS config #16

Closed jtgasper3 closed 1 year ago

jtgasper3 commented 1 year ago

Getting an error: Error: error retrieving SSO config: no SSO url in profile: admin

The missing settings are in the "shared" config in the sso-session section of the file and are inherited by the profile via the sso_session property.

See:

jtgasper3 commented 1 year ago

I took a stab at it, but I'm not much of a Golang dev, so feel free to change or request changes.

PR #17

jaxxstorm commented 1 year ago

@jtgasper3 do you have an example implementation of this I can test this out on?

jtgasper3 commented 1 year ago

@jaxxstorm,

My apologies for not responding earlier. I missed your request/message until the "Close" message bubbled it up in my inbox again.

If it is still helpful:

[profile ro]
sso_session = east-sso
sso_account_id = 123456
sso_role_name = ReadOnly
region = us-east-1
output = json

[profile admin]
sso_session = east-sso
sso_account_id = 123456
sso_role_name = AdminAccess
region = us-east-1
output = json

[sso-session company-sso]
sso_start_url = https://company-sso.awsapps.com/start
sso_region = us-east-1
vfilter commented 1 year ago

Having the same issue with this config when running aws-sso-creds get --profile dev with version 1.4.0

`` [profile dev] sso_start_url = https://company.awsapps.com/start#/ sso_region = ap-northeast-1 sso_session = my-sso sso_account_id = XXXXXXXXXX sso_role_name = AWSAdministratorAccess region = ap-northeast-1 output = json

[sso-session my-sso] sso_start_url = https://company.awsapps.com/start#/ sso_region = ap-northeast-1 sso_registration_scopes = sso:account:access

[profile prod] sso_session = my-sso sso_account_id = XXXXXXXXX sso_role_name = AWSAdministratorAccess region = ap-northeast-1 output = json ``

jaxxstorm commented 1 year ago

@vfilter if you move the session above the profile, does it work?

uvw commented 1 year ago

@jaxxstorm, I made a small improvement in the way aws-sso-creds merges SSO options from profile & sso-session to follow the AWS CLI behavior more closely. The order of these sections in the config should not matter too. Would you mind taking a look at #32?

As I mentioned in the PR, a much better approach would be to upgrade to aws/aws-sdk-go-v2 since it supports CLI v2 SSO options and can handle the SSO token cache itself. But it's too big of a task for me to take right now.

jaxxstorm commented 1 year ago

Looks great @uvw thanks for the contribution!

uvw commented 1 year ago

Wow that was quick, @jaxxstorm! 👍 Thank you for accepting the PR!