Support for AWS SSO credentials

[andyndang]

I'd like to use AWS SSO as the credentials for my program:

aws sso login

I can use SSO credentials in boto3

Describe the Feature

AWS SSO credentials to replace static AWS credentials

Is your Feature Request related to a problem?

I'm frustrated because I keep having to manually copy the credentials from SSO portal to my disk

Proposed Solution

Replicate the boto3 implementation?

Describe alternatives you've considered

N/A

Additional Context

N/A

Your Environment

• AWS Java SDK version used: 1.11.880
• JDK version used: 1.8
• Operating System and version: MacOS X

[debora-ito]

@andyndang thank you for reaching out, feature request noted.

[josephwofford]

See aws/aws-cli#4982 and aws/aws-sdk-java-v2#1970.

I'm currently using https://github.com/victorskl/yawsso to work around the problem, but there are easily a half dozen other workarounds.

AWS Single Sign-On (SSO) is a really cool feature, but it's unfortunate that so few tools currently support it.

[internetstaff]

This is a big pain point for us. Migrating to v2 is non-trivial, so we're stuck with nasty work-arounds to use SSO.

[debora-ito]

@internetstaff thank you for reaching out, I understand that the task to migrate to v2 is not a trivial one. We'd like to add native support for SSO in v1 but currently the team efforts are focused in releasing features for SDK v2 and in closing the feature parity gap.

I'd like to point out that you can use v2 SSO Credential Provider with some modifications, even if your project uses mostly SDK v1. You can add the v2 sso dependency (showing here in a pom.xml file):

<dependency>
    <groupId>software.amazon.awssdk</groupId>
    <artifactId>sso</artifactId>
    <version>2.16.40</version>
</dependency>

and write an adapter to SsoCredentialsProvider for it to work in a v1 style credential provider. The adapter would look like the example shown here for a ProfileCredentialsProvider: #803 (comment)

[internetstaff]

@debora-ito Thank you, that actually worked pretty well, even with Spring Cloud AWS. :)

[andreacavagna01]

At least you can use Leapp to generate temporary credentials from aws SSO and then use this inside the sdk

https://github.com/Noovolari/leapp

[francis-a]

Is anyone able to provide an update on this? I'm just asking since the issue has been open for quite some time without much feedback. It would help us a lot of there was any kind of update so we could think about either upgrading to the v2 SDK or using the collection of workarounds in v1.

[wojtekk]

Hi, any update on this topic?

[thallium205]

Hi - any updates on this topic?