Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature Request] Support for populating aws config file #173

Closed
andymac4182 opened this issue Jun 8, 2022 · 7 comments · Fixed by #230
Closed

[Feature Request] Support for populating aws config file #173

andymac4182 opened this issue Jun 8, 2022 · 7 comments · Fixed by #230

Comments

@andymac4182
Copy link

The one feature I am missing from being able to use granted as my only AWS SSO login tool is the ability to populate the full list of profiles I can access. I am currently using aws-sso-util configure populate for that. It would be great if it could be generated as part of granted's processes.
@sherifabdlnaby
Copy link

This will be very helpful!

@JoshuaWilkes JoshuaWilkes changed the title Support for populating aws config file [Feature Request] Support for populating aws config file Jul 19, 2022
@tom-sherman
Copy link

Yes please! I just raised a discussion around this topic: #224

As I understand it this involves calling ListAccounts and paginating through to get all accounts. Then for each account calling ListAccountRoles for each account.

@misterjoshua
Copy link
Contributor

misterjoshua commented Aug 25, 2022
edited
Loading

I also want this feature. I have two different SSOs I need to log in through though, so I'd want granted to populate my profile from both accounts. I have no problem running two commands to accomplish that, just as long as I have a way to differentiate between the ssos.

# Populate from my first sso, prefixing profiles with sso1-
$ granted sso populate --prefix sso1- <start url>

# Populate from my second sso, prefixing profiles with sso2-
$ granted sso populate --prefix sso2- <start url>

# Open a browser to the iam console on the Dev/Tooling account in sso1
$ assume -c -s iam sso1-Dev-Tooling-AdministratorAccess

Thoughts anyone?

@tom-sherman
Copy link

I think the easiest way to fulfill the requirements (and the most minimal/unixy) would be to output all of the profiles to stdout.

So just granted sso generate <start url> would output a bunch of profiles you can pipe to ~/.aws/config or copy and paste or post process yourself to add the prefix.

@misterjoshua
Copy link
Contributor

misterjoshua commented Aug 25, 2022
edited
Loading

I think the easiest way to fulfill the requirements (and the most minimal/unixy) would be to output all of the profiles to stdout.

I see a stdout-generating command as valuable and not mutually exclusive with either profile name prefixing or automatic ~/.aws/config population.

Perhaps one command is granted sso generate [--prefix <prefix>] <start url>, and the other is granted sso populate [--prefix <prefix>] <start url>, where --prefix <prefix> is optional for either command. The differences here appear to amount to what we do with the account and role lists once we have fetched them.

@misterjoshua misterjoshua mentioned this issue Aug 26, 2022
Merged
@misterjoshua
Copy link
Contributor

@tom-sherman I've taken your feedback into account and submitted a pull request #230. Here's hoping it works for everyone.

@andymac4182
Copy link
Author

Thanks @misterjoshua This is great to see added :)

@jordiup jordiup mentioned this issue Oct 6, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add granted sso populate/generate commands misterjoshua/granted
4 participants
@misterjoshua @andymac4182 @tom-sherman @sherifabdlnaby