AWS Single Sign-On (SSO) lets an organisation grant its users access to AWS resources across multiple AWS accounts easily. Unlike an AWS access key, the security credential provided by AWS SSO is a short-term credential only [1].
AWS CLI version 2 allows the user to log in with AWS SSO and retrieve the short-term credentials directly, without copying and pasting them from the AWS SSO User Portal [2]. However, instead of saving the credential in the AWS CLI version 1 credentials file ~/.aws/credentials, the command aws sso login saves the credential in the AWS SSO folder ~/.aws/sso/cache.
Although AWS CLI version 2 can work with the AWS SSO credential without issue, other software or solutions, e.g. Serverless Framework and AWS Toolkit for IntelliJ, do not yet support the credential generated by the AWS SSO login command.
YAWSSO
Yet Another AWS SSO (YAWSSO) is a Python script that synchronises the AWS CLI v2 SSO login session to the legacy CLI v1 credentials file.
Prerequisite
- AWS CLI v1 is not installed
- AWS CLI v2 is installed
- AWS SSO is configured (e.g. ~/.aws/config)
Installation
pip install yawsso
Usage
- AWS SSO Login via AWS CLI
aws sso login --profile=dev-account
- Synchronise the credential
yawsso -p dev-account
- Or, run the SSO Login and synchronisation in one step
yawsso login --profile dev-account
- With the parameter -e, it displays the export command in the terminal (or copies it to the clipboard if pyperclip is installed).
yawsso login --profile dev-account -e
yawsso -p dev-account -e
- You can run it with $(...) (Bash shell) or eval (....) (Fish shell) to perform the command at once
$(yawsso login --profile dev-account -e) #Bash Shell, or
eval (yawsso -p dev-account -e) #Fish Shell
For detailed usage of YAWSSO, please visit the YAWSSO GitHub page.
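After the synchronisation above, ~/.aws/credentials holds the SSO session's short-term keys in plain text, next to whatever else is already in the file. The following check is an added example, not part of YAWSSO or the original post: it classifies each profile by the documented access key ID prefixes (ASIA for temporary credentials, AKIA for long-term IAM user keys) and the presence of aws_session_token. The function names and the sample file content are constructed for illustration.

```python
import configparser

# Constructed sample of a ~/.aws/credentials file; all values are made up.
SAMPLE = """\
[dev-account]
aws_access_key_id = ASIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-secret
aws_session_token = constructed-token

[legacy-ci]
aws_access_key_id = AKIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-secret

[broken]
aws_access_key_id = ASIAEXAMPLEEXAMPLE01
aws_secret_access_key = constructed-secret
"""


def classify_profiles(text):
    """Map each profile name to 'short-term', 'long-term' or 'incomplete'."""
    # interpolation=None: secrets may contain '%', which configparser
    # would otherwise try to expand.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    result = {}
    for name in parser.sections():
        section = parser[name]
        key_id = section.get("aws_access_key_id", "")
        has_secret = bool(section.get("aws_secret_access_key", ""))
        has_token = bool(section.get("aws_session_token", ""))
        if key_id.startswith("ASIA") and has_secret and has_token:
            result[name] = "short-term"   # temporary credential with its token
        elif key_id.startswith("AKIA") and has_secret and not has_token:
            result[name] = "long-term"    # IAM user access key, no expiry
        else:
            # Missing key/secret, or a temporary key without its session token.
            result[name] = "incomplete"
    return result


def long_term_profiles(text):
    """Profiles that still hold a long-term access key."""
    kinds = classify_profiles(text)
    return sorted(name for name, kind in kinds.items() if kind == "long-term")


if __name__ == "__main__":
    for profile, kind in classify_profiles(SAMPLE).items():
        print(f"{profile}: {kind}")
```

To audit a real file, pass the text of ~/.aws/credentials to classify_profiles instead of SAMPLE.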