Forked from lukeplausin/auto_configure_aws_cli_sso_roles.sh
Created
August 6, 2024 21:05
lukeplausin revised this gist
Oct 28, 2023 . 1 changed file with 13 additions and 5 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -12,10 +12,18 @@ rm -rf ~/.aws/config_append at_filename=$(ls ~/.aws/sso/cache/*.json | grep -v botocore | head -n 1) at=$(cat $at_filename | jq -r '.accessToken') start_url=$(cat $at_filename | jq -r '.startUrl') region_sso=$(cat $at_filename | jq -r '.region // "us-east-1"') # alter this line if you prefer to work in a specific region # e.g. assume_role_region=eu-west-2 assume_role_region=$region_sso if [[ "$at" =~ "null" ]] ; then echo "No access token found. Did you remember to run 'aws sso login' first?" ; fi # Iterate account list available_accounts=$(aws sso list-accounts --region "$region_sso" --access-token "$at") n_accounts=$(echo $available_accounts | jq '.accountList | length') echo "Accounts found: $n_accounts" @@ -25,7 +33,7 @@ while IFS= read account_id ; do echo "account: $account_id" account_data=$( echo $available_accounts | jq -r ".accountList | .[] | select( .accountId == \"$account_id\" )" ) account_name=$(echo $account_data | jq -r '.accountName // .accountId' | xargs | tr -d "[:space:]") account_roles=$(aws sso list-account-roles --region "$region_sso" --access-token "$at" --account-id $account_id) role_names=$(echo $account_roles | jq -r '.roleList | .[] | .roleName') while read role_name ; do echo " role: $role_name" @@ -37,11 +45,11 @@ while IFS= read account_id ; do [profile $config_profile_name] sso_start_url = $start_url sso_region = $region_sso sso_account_id = $account_id sso_role_name = $role_name sts_regional_endpoints = regional region = $assume_role_region EOF else echo " profile: $config_profile_name found, doing nothing..." -
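Review bot: The added access-token check in the first hunk only prints a message and then falls through, so `aws sso list-accounts` a few lines below is still invoked with the literal string null as the token and the script fails later with a less obvious error; end the branch with an exit and send the message to stderr: `printf '%s\n' "No access token found. Did you remember to run 'aws sso login' first?" >&2; exit 1`. `[[ "$at" =~ "null" ]]` is also a substring match rather than an equality test, so `[[ -z "$at" || "$at" == "null" ]]` states the intent more precisely (jq -r prints null when .accessToken is absent). The new `region_sso` fallback to us-east-1 is silent; a one-line comment such as `# fall back to us-east-1 when the cache entry has no region` next to it would save the next reader a guess.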
lukeplausin revised this gist
Aug 24, 2022 . 1 changed file with 4 additions and 3 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -15,7 +15,7 @@ start_url=$(cat $at_filename | jq -r '.startUrl') region=$(cat $at_filename | jq -r '.region') # Iterate account list available_accounts=$(aws sso list-accounts --region "$region" --access-token "$at") n_accounts=$(echo $available_accounts | jq '.accountList | length') echo "Accounts found: $n_accounts" @@ -24,8 +24,8 @@ account_list=$(echo $available_accounts | jq -r '.accountList | .[] | .accountId while IFS= read account_id ; do echo "account: $account_id" account_data=$( echo $available_accounts | jq -r ".accountList | .[] | select( .accountId == \"$account_id\" )" ) account_name=$(echo $account_data | jq -r '.accountName // .accountId' | xargs | tr -d "[:space:]") account_roles=$(aws sso list-account-roles --region "$region" --access-token "$at" --account-id $account_id) role_names=$(echo $account_roles | jq -r '.roleList | .[] | .roleName') while read role_name ; do echo " role: $role_name" @@ -62,3 +62,4 @@ esac echo "cleaning up..." rm ~/.aws/config_append echo "Done!" -
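Review bot: Both `aws sso` calls now pass `--region "$region"`, but `$region` comes from `jq -r '.region'` on the cache file in the context line above, which prints the literal string null when the key is missing, so the CLI would be pointed at a region named null instead of the script failing early. Read it with `region=$(jq -r '.region // empty' "$at_filename")` and assert it before the first call with `: "${region:?no region found in the SSO cache file}"`. While these lines are being touched, quoting `--account-id "$account_id"` keeps the argument intact if an unexpected value ever contains whitespace.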
lukeplausin revised this gist
Aug 9, 2021 . 1 changed file with 29 additions and 10 deletions.There are no files selected for viewing
@@ -1,28 +1,36 @@ #!/bin/bash -e # How to use this script: # 1. Follow these instructions to configure a single AWS account to do initial login with SSO # https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html # 2. Export AWS_PROFILE=... and then run "aws sso login" to get an SSO token # 3. Once signed in with AWS SSO, run this script to automatically list out all the other accounts and roles and add them to your config file # If you want to filter roles / accounts in the process, or validate config before committing it, you can customise the script to do this. rm -rf ~/.aws/config_append at_filename=$(ls ~/.aws/sso/cache/*.json | grep -v botocore | head -n 1) at=$(cat $at_filename | jq -r '.accessToken') start_url=$(cat $at_filename | jq -r '.startUrl') region=$(cat $at_filename | jq -r '.region') # Iterate account list available_accounts=$(aws sso list-accounts --access-token "$at") n_accounts=$(echo $available_accounts | jq '.accountList | length') echo "Accounts found: $n_accounts" account_list=$(echo $available_accounts | jq -r '.accountList | .[] | .accountId') while IFS= read account_id ; do echo "account: $account_id" account_data=$( echo $available_accounts | jq -r ".accountList | .[] | select( .accountId == \"$account_id\" )" ) account_name=$(echo $account_data | jq -r '.accountName // .accountId' | xargs) account_roles=$(aws sso list-account-roles --access-token "$at" --account-id $account_id) role_names=$(echo $account_roles | jq -r '.roleList | .[] | .roleName') while read role_name ; do echo " role: $role_name" config_profile_name="$account_name-$role_name" hit=$(cat ~/.aws/config | grep $config_profile_name || echo "") if [ -z "$hit" ] ; then echo " profile: $config_profile_name not found, adding to config..." cat << EOF >> ~/.aws/config_append 
@@ -36,10 +44,21 @@ sts_regional_endpoints = regional region = $region EOF else echo " profile: $config_profile_name found, doing nothing..." fi done < <(printf '%s\n' "$role_names") done < <(printf '%s\n' "$account_list") echo "" echo "" echo "The following config will be appended to your ~/.aws/config file:" cat ~/.aws/config_append echo "" read -p "Do want to proceed? [y/n] " yn case $yn in [Yy]* ) cat ~/.aws/config_append >> ~/.aws/config; echo "committed!"; ;; * ) echo "cancelled!";; esac echo "cleaning up..." rm ~/.aws/config_append echo "Done!" -
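Review bot: The profile-exists check in the first hunk, `hit=$(cat ~/.aws/config | grep $config_profile_name || echo "")`, matches `$config_profile_name` as an unquoted regex substring anywhere in the file, so (for example) an existing `acme-AdminReadOnly` profile makes `acme-Admin` count as found and the new profile is silently skipped; account names returned by the API may also contain characters that grep treats as regex syntax. Match the exact section header as a fixed string instead: `if grep -qF -- "[profile $config_profile_name]" ~/.aws/config 2>/dev/null; then`, which keeps the current tolerance of a missing config file. In the second hunk the confirmation `read -p "Do want to proceed? [y/n] " yn` should be `read -rp` with the prompt reading "Do you want to proceed?", and `case "$yn"` should be quoted. The `-e` in the new `#!/bin/bash -e` shebang is lost when the script is run as `bash script.sh`; `set -e` on its own line after the shebang is the reliable form.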
lukeplausin renamed this gist
Aug 6, 2021 . 1 changed file with 0 additions and 0 deletions.There are no files selected for viewing
File renamed without changes. -
lukeplausin revised this gist
Aug 6, 2021 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -2,7 +2,7 @@ # 1. Follow these instructions to configure a single AWS account to do initial login with SSO # https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html # 2. Export AWS_PROFILE=... and then run "aws sso login" to get an SSO token # 3. Once signed in with AWS SSO, run this script to automatically list out all the other accounts and roles and add them to your config file # If you want to filter roles / accounts in the process, or validate config before committing it, you can customise the script to do this. -
lukeplausin renamed this gist
Aug 5, 2021 . 1 changed file with 0 additions and 0 deletions.There are no files selected for viewing
File renamed without changes. -
lukeplausin created this gist
Aug 5, 2021 .There are no files selected for viewing
@@ -0,0 +1,45 @@ # How to use this script: # 1. Follow these instructions to configure a single AWS account to do initial login with SSO # https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html # 2. Export AWS_PROFILE=... and then run "aws sso login" to get an SSO token # 3. Once signed in with AWS SSO, run this script to automatically all other accounts and roles to your config file # If you want to filter roles / accounts in the process, or validate config before committing it, you can customise the script to do this. at_filename=$(ls ~/.aws/sso/cache/*.json | grep -v botocore | head -n 1) at=$(cat $at_filename | jq -r '.accessToken') start_url=$(cat $at_filename | jq -r '.startUrl') region=$(cat $at_filename | jq -r '.region') # Iterate account list account_list=$(echo $available_accounts | jq -r '.accountList | .[] | .accountId') echo $account_list | while read account_id ; do echo "account: $account_id" account_data=$( echo $available_accounts | jq -r ".accountList | .[] | select( .accountId == \"$account_id\" )" ) account_name=$(echo $account_data | jq -r '.accountName // .accountId' | xargs) account_roles=$(aws sso list-account-roles --access-token "$at" --account-id $account_id) role_names=$(echo $account_roles | jq -r '.roleList | .[] | .roleName') echo $role_names | while read role_name ; do echo " role: $role_name" config_profile_name="$account_name-$role_name" hit=$(cat ~/.aws/config | grep $config_profile_name) if [ -z "$hit" ] ; then echo " profile: $config_profile_name not found, adding to config..." cat << EOF >> ~/.aws/config_append [profile $config_profile_name] sso_start_url = $start_url sso_region = $region sso_account_id = $account_id sso_role_name = $role_name sts_regional_endpoints = regional region = $region EOF else echo " profile: $config_profile_name found" fi done done cat ~/.aws/config_append >> ~/.aws/config rm ~/.aws/config_append echo "Done!"
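Review bot: `$available_accounts` is read on the `account_list=` line and again inside the loop but is never assigned anywhere in the file, so `account_list` is empty and the script appends nothing; it needs `available_accounts=$(aws sso list-accounts --access-token "$at")` before the `# Iterate account list` comment. The outer loop `echo $account_list | while read account_id` also collapses the newline-separated ids into one line because the expansion is unquoted, so a single iteration sees every id in `$account_id`; feed the loop from the variable instead, `while IFS= read -r account_id; do … done <<<"$account_list"`, and do the same for `$role_names`. Finally, `cat ~/.aws/config_append >> ~/.aws/config` commits the generated profiles without any chance to review them, and `~/.aws/config_append` is never cleared before the loops start, so a leftover file from an earlier run would be appended as well.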