Tool to generate an AWS config file (~/.aws/config) after authenticating and authorizing with AWS SSO (IAM Identity Center). Our file is saved to ~/.aws/config.generated.
Downloads are available for macOS (x86 and M series), Linux (x86 and arm64) and Windows.
On macOS you will get a popup if you run without doing the below.
Apple could not verify “aws-sso-config-generator” is free of malware that may harm your Mac or compromise your privacy.
Make sure to only do this for a verified executable downloaded from https://github.com/djgoku/aws-sso-config-generator or built locally.
```sh
xattr -dr com.apple.quarantine ~/aws-sso-config-generator
chmod +x ~/aws-sso-config-generator
```
More information here: https://apple.stackexchange.com/a/436677

Note: if no parameters are passed, the user will be prompted for `region` and `start_url`.
Example call of aws-sso-config-generator where the AWS access portal is in us-west-2 with a URL of https://<example>.awsapps.com/start/#/.

```sh
aws-sso-config-generator --region us-west-2 --sso-region us-east-1 --start-url https://<example>.awsapps.com/start/#/
aws-sso-config-generator -r us-west-2 --sso-region us-east-1 -u https://<example>.awsapps.com/start/#/
```
Option | Type | Example | Description | Default |
---|---|---|---|---|
--sso-region | string | --sso-region us-west-2 | Region where AWS resources are hosted. | |
--region or -r | string | -r us-west-2 | Region where AWS access portal is hosted. | |
--start-url or -u | string | -u https://<example>.awsapps.com/start/#/ | The URL for the AWS access portal | |
--help or -h | N/A | -h | Help menu | |
--template or -t | string | -t ~/.aws/config.template.json | JSON template file to re-map accounts and roles | ~/.aws/config.template.json |
--out or -o | string | -o ~/.aws/config.generated | Output file for generated AWS config file | ~/.aws/config.generated |
~/.aws/config.generated:
```ini
# config generated via https://github.com/djgoku/aws-sso-config-generator
#
# This requires AWS CLI v2
#
# 1. log into aws sso via `aws sso login --profile use-any-profile-name`
# 2. validate `AWS_PROFILE=use-any-profile-name aws sts get-caller-identity`

# AWS_CONFIG_FILE=~/.aws/config.generated AWS_PROFILE=1111111-ReadOnly aws sts get-caller-identity
[profile 1111111-ReadOnly]
sso_start_url = https://<example>.awsapps.com/start/#/
sso_region = us-east-2
sso_account_id = 1111111
sso_role_name = ReadOnly
region = us-west-2
output = json

# AWS_CONFIG_FILE=~/.aws/config.generated AWS_PROFILE=1111111-ReadOnly aws sts get-caller-identity
[profile 1111111-ReadOnly]
sso_start_url = https://<example>.awsapps.com/start/#/
sso_region = us-east-2
sso_account_id = 1111111
sso_role_name = ReadOnly
region = us-west-2
output = json
```
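A check that can be run over the generated file before pointing `AWS_CONFIG_FILE` at it, as an added example that is not part of aws-sso-config-generator. The function name `audit`, the expected portal host `example.awsapps.com` and the sample profiles are assumptions constructed for illustration.

```python
import configparser
import re
from collections import Counter
from urllib.parse import urlparse

# SSO keys every profile in the generated file shown above carries.
REQUIRED = ("sso_start_url", "sso_region", "sso_account_id", "sso_role_name")

# Constructed sample: one clean profile, a repeat of it, and one bad profile.
SAMPLE = """\
[profile 1111111-ReadOnly]
sso_start_url = https://example.awsapps.com/start/#/
sso_region = us-east-2
sso_account_id = 1111111
sso_role_name = ReadOnly

[profile 1111111-ReadOnly]
sso_start_url = https://example.awsapps.com/start/#/
sso_region = us-east-2
sso_account_id = 1111111
sso_role_name = ReadOnly

[profile 2222222-Admin]
sso_start_url = http://portal.example.net/start
sso_region = us-east-2
sso_account_id = 2222222
"""

def audit(text, expected_host):
    """Return findings for a generated AWS config; an empty list means clean."""
    findings = []
    # configparser merges repeated sections when strict=False, so count headers first.
    headers = re.findall(r"^\[(.+?)\]\s*$", text, flags=re.MULTILINE)
    findings += [f"{h}: defined {n} times" for h, n in Counter(headers).items() if n > 1]
    cfg = configparser.ConfigParser(strict=False, interpolation=None)
    cfg.read_string(text)
    for section in cfg.sections():
        prof = cfg[section]
        findings += [f"{section}: missing {k}" for k in REQUIRED if not prof.get(k, "").strip()]
        start_url = prof.get("sso_start_url", "")
        url = urlparse(start_url)
        # Every profile should point at the expected access portal over HTTPS.
        if start_url and (url.scheme != "https" or url.hostname != expected_host):
            findings.append(f"{section}: unexpected sso_start_url {start_url}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "example.awsapps.com"):
        print(finding)
```

To check a real file, pass its contents and the host of your own access portal to `audit`.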
In the template.json structure, the values under the accounts and roles keys are used to replace their respective keys during config generation. For example:
- "111111" in accounts will be replaced with "dev"
- "Admin" in roles will be replaced with "" (empty string)
~/.aws/config.template:
```json
{
  "accounts": {
    "111111": "dev",
    "222222": "uat",
    "333333": "prod"
  },
  "roles": {
    "Admin": "",
    "ReadOnly": "read"
  }
}
```
- Clone repository
devbox run do-all
You might need to clean up old resources from a previous version and re-run the application.
```
./burrito_out/aws_sso_config_generator maintenance uninstall
[w] This will uninstall the application runtime for this Burrito binary!
[?] Please confirm this action [y/n]: y
y
[i] Deleting directory: /home/devbox/.local/share/.burrito/aws_sso_config_generator_erts-15.2.2_0.1.0
[i] Uninstall complete!
[i] Quitting.
```
We are using Burrito, which packages everything required to run the application into a self-extracting executable. When the executable is run, the application is extracted and then run.