ASL is a cli to get the STS short-term credentials for all accounts and role names that is assigned to the AWS SSO user.
ASL retrieves and caches an AWS SSO access token to exchange for AWS credentials, when the cached access token expires, a new login is requested. Using a valid access token, the ASL lists all AWS accounts assigned to the user and then get the roles for each one. After that, the STS short-term credentials are stored in AWS credential file.
sudo bash -c "curl -fsSL https://github.com/leocomelli/asl/releases/latest/download/asl_$(uname -s)_$(uname -m) -o /usr/local/bin/asl && chmod +x /usr/local/bin/asl"Run the asl configure command to store the AWS SSO Login parameters to be used when needed. Whenever the AWS SSO access token needs to be renewed, these parameters are used.
asl configure \
--account-id 123456789012 \
--start-url https://d-123456w78w.awsapps.com/start/ \
--role-name MyRoleSSOLogin \
--region us-east-1Run the asl command to store the STS short-term credentials for each account and role assigned to the user. You may safely rerun the asl command to refresh your credentials.
aslMake sure everything works well
aws sts get-caller-identity --profile your-profileUse the flag --eks to update the kubeconfig with all existing clusters in the accounts assigned to the user.
asl --eks