tilfinltd / aws-extend-switch-roles

Extend your AWS IAM switching roles by Chrome extension, Firefox add-on, or Edge add-on
https://goo.gl/0QFjow
MIT License

Ability to save/load Role Configuration via Drive/Google/S3 #287

Open Kyle-Newton opened 1 year ago

Kyle-Newton commented 1 year ago

We have multiple users using this configuration and are constantly updating it with more accounts + no 200 limit

The ability to point AWS Extend Switch Roles to a source other than sync or local, where all our users can continue to modify and add to the file without having drift between users on new account additions and changes.

Currently we have Master DOCX files in OneDrive we use and try to keep as up to date as possible but are quickly approaching the 200 limit and would like to be able to point it to some cloud file instead.

We are an AWS reseller and have been using the tool for a few years along with SSO to easily hop into a main account and then access individual accounts via various roles set for each customer. We lovingly refer to it as "BlueKey" and we've been trying our best to keep all our configurations organized, alphabetized, and under control. Being able to just point it to a file(s) to pull in the configurations and keep up to date would be amazing.

XargsUK commented 1 year ago

@Kyle-Newton Recently put together this project: https://github.com/XargsUK/aesr-s3-config-sender. I pushed out v0.0.4 to the chrome store which should be going live in an hour or so. At the moment, the supported methods of authentication are IAM user access keys and Cognito for the AESR Switch Roles Sender. Allows you to sync your switch roles using an S3 config. If you're going to test it out, until Chrome sign off on the update, use the release in GitHub and the Manual Unpacked install. Completely open to feedback, let me know your thoughts!

On the config generation, have you thought about automating this? We currently use a lambda which generates the switch roles config using AWS Organizations. It runs every 30 minutes, and if something new is added to the org or removed, the config is generated to the S3 bucket. If there's a management account outside of the org, we add a role to it, and add it to a config so that the lambda checks against these orgs as well. If we're adding a single account, but do not have access to the org account, we can just manually add them to a file in S3 and they will be included in the final config as well. Let me know if you think it would be useful for me to add the Python lambda on GH.
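A sketch of the Organizations-to-S3 generator described above, added here as an example rather than XargsUK's actual lambda. It assumes the AESR `[profile]` / `aws_account_id` / `role_name` / `color` config keys, boto3 clients passed in by the caller, and a hand-maintained list for accounts outside the org; the sample accounts are constructed so it runs offline.

```python
import re
from typing import Iterable

# Account IDs are always 12 digits; reject anything else from the manual file early.
ACCOUNT_ID_RE = re.compile(r"^\d{12}$")


def fetch_org_accounts(org_client) -> list[dict]:
    """Collect ACTIVE accounts with the Organizations ListAccounts paginator (boto3 client)."""
    accounts = []
    for page in org_client.get_paginator("list_accounts").paginate():
        for acct in page["Accounts"]:
            if acct["Status"] == "ACTIVE":
                accounts.append({"Id": acct["Id"], "Name": acct["Name"]})
    return accounts


def merge_accounts(org_accounts: Iterable[dict], manual_accounts: Iterable[dict]) -> list[dict]:
    """Union by account ID; Organizations data wins over the hand-maintained list."""
    merged = {}
    for acct in list(manual_accounts) + list(org_accounts):
        if not ACCOUNT_ID_RE.match(str(acct["Id"])):
            raise ValueError(f"invalid account id: {acct['Id']!r}")
        merged[acct["Id"]] = acct
    return list(merged.values())


def render_aesr_config(accounts, role_name="OrganizationAccountAccessRole", color="2e8b57") -> str:
    """One [profile] section per account, sorted by name so regenerated files diff cleanly."""
    lines = []
    for acct in sorted(accounts, key=lambda a: a["Name"].lower()):
        name = acct["Name"].strip().replace("[", "(").replace("]", ")")  # keep INI header parsable
        lines += [f"[{name}]", f"aws_account_id = {acct['Id']}",
                  f"role_name = {acct.get('RoleName', role_name)}", f"color = {color}", ""]
    return "\n".join(lines)


def publish_config(s3_client, bucket: str, key: str, body: str) -> None:
    """Write the rendered config to S3 with server-side encryption for the sender extension."""
    s3_client.put_object(Bucket=bucket, Key=key, Body=body.encode(),
                         ServerSideEncryption="AES256", ContentType="text/plain")


# Constructed sample data (not a real org) so the module can be run without AWS access.
SAMPLE_ORG = [{"Id": "111111111111", "Name": "Customer B"}, {"Id": "222222222222", "Name": "customer a"}]
SAMPLE_MANUAL = [{"Id": "222222222222", "Name": "stale name"},
                 {"Id": "333333333333", "Name": "Outside Org", "RoleName": "ReadOnly"}]

if __name__ == "__main__":
    print(render_aesr_config(merge_accounts(SAMPLE_ORG, SAMPLE_MANUAL)))
```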

XargsUK commented 1 year ago

@Kyle-Newton if you do give it a test, completely open to adding features and changing the application. Trying to make it useful.

Kyle-Newton commented 1 year ago

I just installed the extension on the work profile, will work to test it out next week, as ideally I want to also link some sort of script to watch for file updates to Sharepoint and keep the most recent version in S3, as it will be the easiest method for our team to keep it updated.