
@chancez
Last active September 14, 2024 10:51
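# Print one cached AWS SSO access token on stdout.
#
# Scans the JSON files under $HOME/.aws/sso/cache (skipping botocore* files),
# ignores files that carry no accessToken, and prints the token whose
# expiresAt value sorts last. Expiry is not compared with the current time,
# so the token may still be rejected by AWS.
#
# Globals:  HOME (read)
# Outputs:  the access token on stdout; find/jq diagnostics on stderr
# Returns:  0 when a token was printed, 1 when none was found
#
# The value is a bearer credential: keep it out of logs and `set -x` traces.
function aws-sso-access-token() {
  local cache_dir="$HOME/.aws/sso/cache"
  local token

  # One "<expiresAt> <accessToken>" line per cache file that holds a token.
  # Files without an accessToken key would otherwise print the literal "null".
  token=$(
    find "$cache_dir" -type f ! -name 'botocore*' \
      -exec jq -r 'select(.accessToken != null) | "\(.expiresAt // "") \(.accessToken)"' {} \; |
      LC_ALL=C sort |
      tail -n1 |
      cut -d' ' -f2-
  )

  if [ -z "$token" ]; then
    printf '%s\n' 'aws-sso-access-token: no cached SSO access token found; run "aws sso login" first' >&2
    return 1
  fi
  printf '%s\n' "$token"
}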
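# Run `aws sso list-accounts` with the cached SSO access token.
#
# Arguments: any extra arguments are passed through to the aws CLI
# Outputs:   whatever the aws CLI prints
# Returns:   1 when no usable token is available, else the aws CLI's status
#
# The token is handed to aws as a command-line argument, so it may be visible
# in process listings on a shared host while the command runs.
function aws-sso-list-accounts() {
  local token
  token=$(aws-sso-access-token) || return 1

  # An empty value or jq's literal "null" means there is no cached login;
  # do not send that to the API as if it were a token.
  if [ -z "$token" ] || [ "$token" = "null" ]; then
    printf '%s\n' 'aws-sso-list-accounts: no cached SSO access token; run "aws sso login" first' >&2
    return 1
  fi

  aws sso list-accounts --access-token "$token" "$@"
}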
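# Run `aws sso list-account-roles` with the cached SSO access token.
#
# Arguments: any extra arguments (e.g. --account-id) are passed through
# Outputs:   whatever the aws CLI prints
# Returns:   1 when no usable token is available, else the aws CLI's status
#
# The token is handed to aws as a command-line argument, so it may be visible
# in process listings on a shared host while the command runs.
function aws-sso-list-account-roles() {
  local token
  token=$(aws-sso-access-token) || return 1

  # An empty value or jq's literal "null" means there is no cached login;
  # do not send that to the API as if it were a token.
  if [ -z "$token" ] || [ "$token" = "null" ]; then
    printf '%s\n' 'aws-sso-list-account-roles: no cached SSO access token; run "aws sso login" first' >&2
    return 1
  fi

  aws sso list-account-roles --access-token "$token" "$@"
}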
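# Print one AWS CLI config profile stanza for an SSO role on stdout.
#
# Arguments: $1 - profile name
#            $2 - SSO start URL
#            $3 - SSO region
#            $4 - account id
#            $5 - role name
#            $6 - default region for the profile
# Outputs:   the [profile ...] stanza on stdout; usage/errors on stderr
# Returns:   0 on success, 1 on a wrong argument count or an unsafe value
function aws-sso-profile-template() {
  if [ "$#" -ne 6 ]; then
    printf '%s\n' 'usage: aws-sso-profile-template <profile_name> <sso_start_url> <sso_region> <sso_account_id> <sso_role_name> <default_region>' >&2
    return 1
  fi

  # A value with an embedded line break would add lines of its own to the
  # generated config (extra keys or a second section), so refuse it.
  local value
  for value in "$@"; do
    case $value in
      *$'\n'* | *$'\r'*)
        printf '%s\n' 'aws-sso-profile-template: arguments must not contain line breaks' >&2
        return 1
        ;;
    esac
  done

  # Locals, so sourcing these functions does not leave variables behind in
  # the caller's shell.
  local profile_name=$1
  local sso_start_url=$2
  local sso_region=$3
  local sso_account_id=$4
  local sso_role_name=$5
  local default_region=$6

  cat <<EOF
[profile $profile_name]
sso_start_url = $sso_start_url
sso_region = $sso_region
sso_account_id = $sso_account_id
sso_role_name = $sso_role_name
region = $default_region
EOF
}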
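# Print an AWS CLI profile stanza for every account/role pair that the
# current SSO login can list.
#
# Profile names are "<account name, lower-cased, spaces to dashes>-<role>".
# The profile's default region is set to the SSO region ($2).
#
# Arguments: $1 - SSO start URL
#            $2 - SSO region
# Outputs:   profile stanzas separated by blank lines on stdout;
#            warnings on stderr
# Returns:   1 on a wrong argument count, when accounts cannot be listed,
#            or when roles could not be listed for some account; else 0
function aws-sso-generate-profiles-config() {
  if [ "$#" -ne 2 ]; then
    printf '%s\n' 'usage: aws-sso-generate-profiles-config <sso_start_url> <sso_region>' >&2
    return 1
  fi

  local sso_start_url=$1
  local sso_region=$2
  local cli_default_region=$2
  local accounts_json accounts account accountId accountName
  local roles_json roles roleName
  local rc=0

  # Capture each step separately so that a failed listing is reported instead
  # of being hidden behind the exit status of a later pipeline stage.
  accounts_json=$(aws-sso-list-accounts --output json) || return 1
  accounts=$(printf '%s\n' "$accounts_json" | jq -rc '.accountList[]') || return 1

  while read -r account; do
    [ -n "$account" ] || continue
    accountId="$(printf '%s\n' "$account" | jq -rc '.accountId')"
    accountName="$(printf '%s\n' "$account" | jq -rc '.accountName | ascii_downcase | gsub(" "; "-")')"

    # stdin is detached: inside this loop it is the account list, and a
    # command that reads stdin would silently swallow the remaining accounts.
    if ! roles_json=$(aws-sso-list-account-roles --output json --account-id "$accountId" </dev/null); then
      printf 'aws-sso-generate-profiles-config: could not list roles for account %s\n' "$accountId" >&2
      rc=1
      continue
    fi
    if ! roles=$(printf '%s\n' "$roles_json" | jq -rc '.roleList[].roleName'); then
      printf 'aws-sso-generate-profiles-config: could not parse roles for account %s\n' "$accountId" >&2
      rc=1
      continue
    fi

    while read -r roleName; do
      [ -n "$roleName" ] || continue
      aws-sso-profile-template "$accountName-$roleName" "$sso_start_url" "$sso_region" "$accountId" "$roleName" "$cli_default_region"
      printf '\n'
    done <<<"$roles"
  done <<<"$accounts"

  return "$rc"
}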

chancez commented Jan 5, 2022

Requires that you log in to AWS SSO first.
