{"id":20619379,"url":"https://github.com/containerscrew/aws-sso-auth","last_synced_at":"2025-05-10T03:32:59.999Z","repository":{"id":196240805,"uuid":"691967524","full_name":"containerscrew/aws-sso-auth","owner":"containerscrew","description":"Fetch your local ~/.aws/credentials using AWS SSO","archived":true,"fork":false,"pushed_at":"2023-11-21T14:57:34.000Z","size":364,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-06T19:45:40.253Z","etag":null,"topics":["aws","aws-sdk-rust","aws-sso","cargo","rust","rust-project"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/containerscrew.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-09-15T09:14:39.000Z","updated_at":"2024-06-09T22:15:22.000Z","dependencies_parsed_at":null,"dependency_job_id":"f8cde10f-effc-4a34-83fb-6d84532802e7","html_url":"https://github.com/containerscrew/aws-sso-auth","commit_stats":null,"previous_names":["containerscrew/aws-sso-rs","containerscrew/aws-sso-auth"],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containerscrew%2Faws-sso-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containerscrew%2Faws-sso-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/containerscrew%2Faws-sso-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/c
ontainerscrew%2Faws-sso-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/containerscrew","download_url":"https://codeload.github.com/containerscrew/aws-sso-auth/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253358155,"owners_count":21895977,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-sdk-rust","aws-sso","cargo","rust","rust-project"],"created_at":"2024-11-16T12:11:31.310Z","updated_at":"2025-05-10T03:32:59.624Z","avatar_url":"https://github.com/containerscrew.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\" \u003e\n    \u003cimg src=\"assets/rust-logo.svg\" alt=\"logo\" width=\"250\"/\u003e\n\u003ch3 align=\"center\"\u003eaws-sso-auth\u003c/h3\u003e\n\u003cp align=\"center\"\u003eFetch your local ~/.aws/credentials using AWS SSO\u003c/p\u003e\n\u003cp align=\"center\"\u003eBuild with ❤ in Rust\u003c/p\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\" \u003e\n    \u003ca href=\"#\"\u003e\n      \u003cimg alt=\"GitHub code size in bytes\" src=\"https://img.shields.io/github/languages/code-size/containerscrew/aws-sso-auth\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"/LICENSE\"\u003e\n      \u003cimg alt=\"License\" src=\"https://img.shields.io/github/license/containerscrew/aws-sso-auth\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://codecov.io/gh/containerscrew/aws-sso-auth\" \u003e\n      \u003cimg 
src=\"https://codecov.io/gh/containerscrew/aws-sso-auth/graph/badge.svg?token=4AI2U4PX4V\"/\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://github.com/containerscrew/aws-sso-auth/releases/latest\"\u003e\n      \u003cimg alt=\"Release\" src=\"https://img.shields.io/github/release/containerscrew/aws-sso-auth\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://somsubhra.github.io/github-release-stats/?username=containerscrew\u0026repository=aws-sso-auth\"\u003e\n      \u003cimg alt=\"GitHub Releases Stats\" src=\"https://img.shields.io/github/downloads/containerscrew/aws-sso-auth/total.svg?logo=github\"\u003e\n    \u003c/a\u003e\n\u003c/p\u003e\n\n\n\u003c!-- START doctoc generated TOC please keep comment here to allow auto update --\u003e\n\u003c!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --\u003e\n**Table of Contents**  *generated with [DocToc](https://github.com/thlorenz/doctoc)*\n\n- [Pipeline badges](#pipeline-badges)\n- [Introduction](#introduction)\n- [Requirements](#requirements)\n- [Supported platforms](#supported-platforms)\n- [Supported IDP](#supported-idp)\n- [Installation](#installation)\n  - [Quick installation (latest version)](#quick-installation-latest-version)\n  - [Using cargo](#using-cargo)\n  - [Build locally](#build-locally)\n- [Usage](#usage)\n  - [Setup configuration](#setup-configuration)\n  - [Start fetching credentials](#start-fetching-credentials)\n  - [Debug logging](#debug-logging)\n  - [Check version](#check-version)\n  - [Help command](#help-command)\n  - [Take a look inside `~/.aws/credentials`](#take-a-look-inside-awscredentials)\n  - [Example of credentials file](#example-of-credentials-file)\n- [Switching accounts in your terminal](#switching-accounts-in-your-terminal)\n  - [Zsh/Bash shell](#zshbash-shell)\n  - [Fish shell](#fish-shell)\n  - [Setting AWS_PROFILE](#setting-aws_profile)\n- [Examples](#examples)\n- [TO DO (not implemented yet)](#to-do-not-implemented-yet)\n- [Contribution](#contribution)\n- 
[LICENSE](#license)\n\n\u003c!-- END doctoc generated TOC please keep comment here to allow auto update --\u003e\n\n# Pipeline badges\n![Test Status](https://github.com/containerscrew/aws-sso-auth/actions/workflows/test.yml/badge.svg)\n![Build Status](https://github.com/containerscrew/aws-sso-auth/actions/workflows/build.yml/badge.svg)\n![Git Leaks Status](https://github.com/containerscrew/aws-sso-auth/actions/workflows/gitleaks.yml/badge.svg)\n![Coverage](https://github.com/containerscrew/aws-sso-auth/actions/workflows/coverage.yml/badge.svg)\n\n# Introduction\n\nThis tool will help you download your AWS organization's account credentials using `AWS SSO`. What we previously set manually with *IAM users* **(aws_access_key_id and aws_secret_access_key)**, we now have automatically using AWS SSO.\nIn this case ONLY Google Workspaces has been tested as an external IDP. [More info in supported IDP, just below](https://github.com/containerscrew/aws-sso-auth/tree/latest_refactors#supported-idp)\n\nIn short, we want to have the credentials of our `AWS accounts/roles`, using `AWS SSO`, stored in our `~/.aws/credentials` to be able to work daily with our tools **(terraform, aws cli...)**\n\n\u003e This tool requires human interaction, since the authorization request must be manually approved from the browser.\n\n# Requirements\n\n* Our default browser that we work with must be authenticated with our IDP. In this case, gmail if we use Google Workspaces.\n\n# Supported platforms\n\n| OS        | ARM64 | AMD64 |\n|-----------|:-----:|------:|\n| Mac       |  √    |   √   |\n| Linux     |  √    |   √   |\n\n# Supported IDP\n\n* Google Workspaces\n\nIf you use another IDP with AWS SSO in your organization and this tool doesn't work, please provide feedback in this repo. 
Open an issue and I will try to reproduce it!\n\n# Installation\n\n## Quick installation (latest version)\n\n```shell\ncurl --proto '=https' --tlsv1.2 -sSfL https://raw.githubusercontent.com/containerscrew/aws-sso-auth/main/scripts/install.sh | bash\n```\n\n## Using cargo\n\nInstall the Rust toolchain:\n\n```shell\ncurl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh\n```\n\n```shell\ncargo install aws-sso-auth --git https://github.com/containerscrew/aws-sso-auth\n```\n\n## Build locally\n\n```shell\ngit clone https://github.com/containerscrew/aws-sso-auth\ncd aws-sso-auth/\ncargo build --release\n./target/release/aws-sso-auth\n```\n\n\u003e If you need to install a specific version, go to https://github.com/containerscrew/aws-sso-auth/releases and download the binary\n\n# Usage\n\n## Setup configuration\n\n```shell\naws-sso-auth config --start-url https://XXXX.awsapps.com/start --aws-region eu-west-1 --profile-name mycompany\n```\n\n\u003e This command will save a file in `~/.aws/aws-sso-auth.json` with the previous configuration\n\n* **profile_name:** the name of the profile configuration you are saving. For example, your company name\n* **start_url:** the start URL of your AWS SSO app (https://docs.aws.amazon.com/singlesignon/latest/userguide/howtochangeURL.html)\n* **region:** AWS region where you have your AWS SSO configured. The default is `us-east-1`\n\n\n## Start fetching credentials\n\n```shell\naws-sso-auth start\n```\n\nOr with flags:\n\n```shell\naws-sso-auth start -w 5 -r 40\n```\n\n* **workers:** Number of async/thread AWS API calls. More threads means more speed. Recommended: 5/8 max to avoid AWS API 429 errors (TooManyRequestsException). Default: 6\n* **retries:** Number of retries when the AWS API returns errors. Default: 60\n\n\u003e This will open your default local browser where you have your IDP authenticated. 
In my case, I used Google as external IDP with AWS SSO\n\n\u003e Adjust the number of concurrent threads and retries depending on the number of accounts you have. If you only have 10 accounts (for example), it wouldn't make much sense to use 20 workers and 100 retries, right?\n\nIf everything went well, you must authorize the request. It looks something like this:\n\n![Example authentication window](./assets/aws-auth-screen.png)\n\n## Debug logging\n\n```shell\naws-sso-auth -l debug start\n```\n\n* **--log-level:** Log level. Default: info. Possible values: info, warn, trace, debug, error\n\n## Check version\n\n```shell\naws-sso-auth --version\n```\n\n## Help command\n\n```shell\naws-sso-auth --help\n```\n\n\u003e All the credentials will be saved in your `$HOME/.aws/credentials` with the following profile-name pattern: `[AccountName@RoleName]` (the account and role you are assuming)\n\n## Take a look inside `~/.aws/credentials`\n\n```shell\ncat ~/.aws/credentials\n```\n\nThe credentials file should look something like this:\n\n## Example of credentials file\n\n```toml\n[Account1@administrator]\naws_secret_access_key=XXXX\nregion=eu-west-1\naws_access_key_id=XXXX\naws_session_token=XXXX\n\n[Account2@read-only]\naws_secret_access_key=XXXX\nregion=eu-west-1\naws_access_key_id=XXXX\naws_session_token=XXXX\n```\n\n# Switching accounts in your terminal\n\n## Zsh/Bash shell\n\nCopy the following function into your `~/.zshrc` or `~/.bashrc`:\n\n```shell\naws-profile () {\n        PROFILE=$(cat ~/.aws/credentials|grep \"^\\[\"|sed \"s/]$//\"|sed \"s/^\\[//\"| fzf)\n        export AWS_PROFILE=$PROFILE\n}\n```\n\nThen, `source` the file if needed:\n\n```shell\nsource ~/.zshrc   # or: source ~/.bashrc\n```\n\n## Fish shell\n\nCopy the following function inside `~/.config/fish/function/aws-profile.fish`\n\n```shell\nfunction aws-profile\n    set -gx AWS_PROFILES $(cat ~/.aws/credentials | sed -n -e 's/^\\[\\(.*\\)\\]/\\1/p' | fzf)\n    if test -n \"$AWS_PROFILES\"\n        set -xg AWS_PROFILE $AWS_PROFILES\n        echo 
\"Selected profile: $AWS_PROFILES\"\n    else\n        echo \"No profile selected\"\n    end\nend\n```\n\nThen `source` the fish configuration:\n\n```shell\nsource ~/.config/fish/config.fish\n```\n\n## Setting AWS_PROFILE\n\nType `aws-profile` in your terminal, and you will see all the accounts you have credentials in your `$HOME/.aws/credentials`\n\n\u003e **fzf** is needed as a dependency for the interactive account switcher\n\n[Official documentation](https://github.com/junegunn/fzf#installation)\n\n# Examples\n\n![Executing start command](./assets/aws-sso-auth-start.png)\n![Final result](./assets/final-result.png)\n\n\n# TO DO (not implemented yet)\n\n* Multiple AWS SSO account configurations inside `aws-sso-auth.json` Imagine you are working in a consultant, and you have multiple customers with AWS SSO, and you want to save\nall their config (start-url, region) inside the config file.\n* If you have 200 accounts, only 123 (max), will be fetched\n* Select which account credentials (with prefix) do you want to fetch (maybe you don't want to fetch all accounts)\n* Testing and mocking AWS API calls\n* Codecoverage pipeline not working\n* Changelog with release-please\n* Create Homebrew Formula\n* Documentation in code functions\n* Customize how account credentials are saved: `[AccountName@RoleName]` for `[PUT-YOUR-LOGIC-HERE]`\n\n# Contribution\n\nPull requests are welcome! Any code refactoring, improvement, implementation. I just want to learn Rust! I'm a rookie\n\n# LICENSE\n\n[LICENSE](./LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontainerscrew%2Faws-sso-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcontainerscrew%2Faws-sso-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontainerscrew%2Faws-sso-auth/lists"}