Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mrtc0/aws-sso-go

A utility tool that allows credentials to be saved in 1Password even in an AWS SSO environment
https://github.com/mrtc0/aws-sso-go

1password aws

Last synced: 16 days ago
JSON representation

A utility tool that allows credentials to be saved in 1Password even in an AWS SSO environment

Host: GitHub
URL: https://github.com/mrtc0/aws-sso-go
Owner: mrtc0
License: mit
Created: 2023-02-24T15:37:02.000Z (over 1 year ago)
Default Branch: master
Last Pushed: 2024-06-19T12:33:38.000Z (5 months ago)
Last Synced: 2024-06-20T11:13:13.814Z (5 months ago)
Topics: 1password, aws
Language: Go
Homepage:
Size: 137 KB
Stars: 9
Watchers: 3
Forks: 2
Open Issues: 7
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# aws-sso-go

[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/mrtc0/aws-sso-go/badge)](https://api.securityscorecards.dev/projects/github.com/mrtc0/aws-sso-go)
[![CodeQL](https://github.com/mrtc0/aws-sso-go/actions/workflows/codeql.yml/badge.svg)](https://github.com/mrtc0/aws-sso-go/actions/workflows/codeql.yml)

# Motivation

1Password's AWS Shell Plugin is very useful for managing AWS credentials. However, it does not support AWS SSO (`aws sso login`). This project aims to provide a solution to this problem.
aws-sso-go is output credentials as STDOUT instead of storing them in `~/.aws/sso/cache`. By saving the output to 1Password with a tool like `misc/update-1password-aws-credentials.sh`, you can use `op run --env-file .env` to handle AWS credentials.

# Install

```shell
$ go install github.com/mrtc0/aws-sso-go@latest

$ cat < /usr/local/bin/update-1password-aws-credentials.sh
#!/bin/bash

# This script is save aws-sso-go results to 1Password.
#
# Usage: aws-sso-go | update-1password-aws-credentials.sh <1Password item name>
# e.g. aws-sso-go | update-1password-aws-credentials.sh aws-credentials
#
# You can handle AWS credentials by running `op run --env-file .env` with a `.env` file like:
# AWS_ACCESS_KEY_ID="op://Private/aws-credentials/access key id"
# AWS_SECRET_ACCESS_KEY="op://Private/aws-credentials/secret access key"
# AWS_SESSION_TOKEN="op://Private/aws-credentials/session token"

while read -r line; do
AWS_SECRET_ACCESS_KEY=$(echo $line | jq -r '.SecretAccessKey')
AWS_ACCESS_KEY_ID=$(echo $line | jq -r '.AccessKeyId')
AWS_SESSION_TOKEN=$(echo $line | jq -r '.SessionToken')

op item edit "$1" "secret access key=$AWS_SECRET_ACCESS_KEY" "access key id=$AWS_ACCESS_KEY_ID" "session token=$AWS_SESSION_TOKEN"
done
EOF

$ chmod +x /usr/local/bin/update-1password-aws-credentials.sh
```

# Usage

```shell
$ export AWS_REGION=
$ aws-sso-go --profile | update-1password-aws-credentials.sh <1Password item name>
$ cat .env
AWS_ACCESS_KEY_ID="op://Private/<1Password item name>/access key id"
AWS_SECRET_ACCESS_KEY="op://Private/<1Password item name>/secret access key"
AWS_SESSION_TOKEN="op://Private/<1Password item name>/session token"

$ op run --env-file .env -- aws s3 ls
```