{"id":19745107,"url":"https://github.com/wnkz/aws-sso","last_synced_at":"2025-04-30T07:33:49.445Z","repository":{"id":50185233,"uuid":"202382172","full_name":"wnkz/aws-sso","owner":"wnkz","description":"Command Line tool for AWS SSO Credentials","archived":false,"fork":false,"pushed_at":"2022-12-26T21:00:02.000Z","size":145,"stargazers_count":30,"open_issues_count":14,"forks_count":7,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-10-29T04:07:25.844Z","etag":null,"topics":["aws","aws-sso","cli","cloud","credentials"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wnkz.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-08-14T15:54:38.000Z","updated_at":"2023-04-21T03:55:23.000Z","dependencies_parsed_at":"2023-01-31T01:45:54.339Z","dependency_job_id":null,"html_url":"https://github.com/wnkz/aws-sso","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wnkz%2Faws-sso","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wnkz%2Faws-sso/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wnkz%2Faws-sso/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wnkz%2Faws-sso/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wnkz","download_url":"https://codeload.github.com/wnkz/aws-sso/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224202879,"owners_count":17272807,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-sso","cli","cloud","credentials"],"created_at":"2024-11-12T02:04:01.268Z","updated_at":"2024-11-12T02:04:01.925Z","avatar_url":"https://github.com/wnkz.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# aws-sso\n\n[![GitHub Actions status](https://github.com/wnkz/aws-sso/workflows/Python%20package/badge.svg)](https://github.com/wnkz/aws-sso)\n[![GitHub Actions status](https://github.com/wnkz/aws-sso/workflows/Upload%20Python%20Package/badge.svg)](https://github.com/wnkz/aws-sso)\n[![PyPi Version](https://img.shields.io/pypi/v/awssso.svg?style=flat)](https://pypi.python.org/pypi/awssso/)\n![PyPI - Python Version](https://img.shields.io/pypi/pyversions/awssso)\n![PyPI - Downloads](https://img.shields.io/pypi/dm/awssso)\n\n\nThis package provides a command line interface to get AWS credentials with [AWS SSO](https://aws.amazon.com/single-sign-on/).\n\nThe aws-cli package works on Python versions:\n  - 3.7.x and greater\n\n#### Attention!\n\nThis package relies on [Selenium](https://www.seleniumhq.org/) and Google Chrome to work.\nTherefore, you need [Google Chrome](https://www.google.com/chrome/) and [ChromeDriver](https://chromedriver.chromium.org/) to be installed.\n\nThis is being developped and tested on macOS, if you encounter problems on other platforms, please open an issue.\n\n### Dependencies\n\n#### macOS\n\n```shell\nbrew cask install chromedriver\n```\n\n#### Linux\n\n```\n¯\\_(ツ)_/¯\n```\n\n## Installation\n\n```shell\npip install awssso\n```\n\n## Getting Started\n\n### Help\n\nFor each command you can get help with `--help` flag.\n\n```\nusage: awssso configure [-h] [-p PROFILE] [-a AWS_PROFILE] [-f] [--url URL]\n                        [--username USERNAME]\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -p PROFILE, --profile PROFILE\n                        AWS SSO Profile (default: default)\n  -a AWS_PROFILE, --aws-profile AWS_PROFILE\n                        AWS CLI Profile (default: AWS_PROFILE, fallback: same\n                        as --profile)\n  -f, --force-refresh   force token refresh\n  --url URL\n  --username USERNAME\n```\n\n### Configure a profile\n\n```\n$ awssso configure\n[?] URL: https://d-0123456789.awsapps.com/start/\n[?] AWS CLI profile: my-awssso-profile\n[?] Username: me@example.com\n[?] Password: **************\n[?] MFA Code: 042042\n[?] AWS Account: 000000000000 (Master)\n   111111111111 (Log archive)\n   222222222222 (Audit)\n \u003e 000000000000 (Master)\n\n[?] AWS Profile: AWSAdministratorAccess\n   AWSServiceCatalogEndUserAccess\n \u003e AWSAdministratorAccess\n```\n\nThis will create a configuration file in `~/.awssso/config`.\n\n### Get credentials\n\n```\n$ awssso login\n```\n\nThis will get the credentials for the `profile` as defined in the configuration file\nand use `aws-cli` to set those credentials to the correct AWS Profile.\n\n---\n\n```\n$ awssso login -e\nexport AWS_ACCESS_KEY_ID=ACCESS_KEY_ID\nexport AWS_SECRET_ACCESS_KEY=SECRET_ACCESS_KEY\nexport AWS_SESSION_TOKEN=SESSION_TOKEN\n```\n\nThis will echo `export` commands to stdout ; can be used like this `$(awssso login -e)`\n\n---\n\n```\n$ awssso login -c\nhttps://signin.aws.amazon.com/federation?Action=login\u0026Destination=https%3A%2F%2Fconsole.aws.amazon.com%2F\u0026SigninToken=TOKEN\n```\n\nThis will generate a Sign In URL to the AWS Console ; URL will open in a new tab if used with `--browser`.\n\n---\n\nYou can also use this tool as a [credential_process](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html) for awscli. To do so, configure your awscli configuration file like so:\n\n```\n[profile my-sso-profile]\ncredential_process = awssso login -p my-awssso-profile --json\n```\n\nAnd then simply use awscli normally:\n\n```\n$ aws --profile my-sso-profile s3 ls\n```\n\n## Base concepts\n\naws-sso has its own configuration file (`~/.awssso/config`).  \nEach section in this file corresponds to an AWS SSO profile. Those profiles are different from AWS profiles.\n\nWhen using the `login` command, it'll set credentials for the configured AWS Profile by invoking `aws configure`.\n\nInside `~/.awssso/` are also stored cookie files for each pair of username / url. This allows not prompting for MFA code at each login.\n\nSecrets are stored using [keyring](https://pypi.org/project/keyring/) so for example on macOS they are stored in Keychain.  \nFor each username / url aws-sso stores three secrets:\n\n* password\n* authn-token\n* authn-expiry-date\n\naws-sso doesn't make new login attempts until authn-token is expired.  \naws-sso also stores credentials using keyring to avoid making too many STS calls.\n\n## Releases\n\nThe release notes for AWS SSO can be found [here](CHANGELOG.md).\n\n## Known issues\n\nKnown issues can be found [here](KNOWNISSUES.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwnkz%2Faws-sso","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwnkz%2Faws-sso","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwnkz%2Faws-sso/lists"}