https://github.com/leocomelli/asl

ASL is a cli to get the STS short-term credentials for all accounts and role names that is assigned to the AWS SSO user.
https://github.com/leocomelli/asl

aws credentials sso

Last synced: 5 months ago
JSON representation

ASL is a cli to get the STS short-term credentials for all accounts and role names that is assigned to the AWS SSO user.

• Host: GitHub
• URL: https://github.com/leocomelli/asl
• Owner: leocomelli
• License: mit
• Created: 2021-03-20T19:18:23.000Z (over 5 years ago)
• Default Branch: main
• Last Pushed: 2024-06-17T08:49:00.000Z (about 2 years ago)
• Last Synced: 2024-06-19T11:37:34.949Z (about 2 years ago)
• Topics: aws, credentials, sso
• Language: Go
• Homepage:
• Size: 158 KB
• Stars: 9
• Watchers: 4
• Forks: 1
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# ASL ::: Amazon Single Sign-On Login

ASL is a cli to get the STS short-term credentials for all accounts and role names that is assigned to the AWS SSO user.

## What does ASL do?

ASL retrieves and caches an AWS SSO access token to exchange for AWS credentials, when the cached access token expires, a new login is requested. Using a valid access token, the ASL lists all AWS accounts assigned to the user and then get the roles for each one. After that, the STS short-term credentials are stored in AWS credential file.

## Prerequisites

* [AWS Command Line Interface](https://aws.amazon.com/cli/)

## Installation

```sh

sudo bash -c "curl -fsSL https://github.com/leocomelli/asl/releases/latest/download/asl_$(uname -s)_$(uname -m) -o /usr/local/bin/asl && chmod +x /usr/local/bin/asl"

```

## Usage

Run the `asl configure` command to store the AWS SSO Login parameters to be used when needed. Whenever the AWS SSO access token needs to be renewed, these parameters are used.

```sh

asl configure \

  --account-id 123456789012 \

  --start-url https://d-123456w78w.awsapps.com/start/ \

  --role-name MyRoleSSOLogin \

  --region us-east-1

```

Run the `asl` command to store the STS short-term credentials for each account and role assigned to the user. You may safely rerun the `asl` command to refresh your credentials.

```sh

asl

```

Make sure everything works well

```sh

aws sts get-caller-identity --profile your-profile

```

### EKS

Use the flag `--eks` to update the kubeconfig with all existing clusters in the accounts assigned to the user.

```sh

asl --eks

```