granted sso generate and granted sso populate produce legacy SSO configuration #822

Open
garysassano opened this issue Jan 27, 2025 · 1 comment

At re:Invent 2022, AWS introduced SSO sessions for the AWS CLI, offering a simplified method for configuring SSO profiles.

AWS docs: Configuring IAM Identity Center authentication with the AWS CLI

Currently, the granted sso generate and granted sso populate commands still produce legacy SSO configurations, which is not optimal.

Legacy Configuration

[profile my-profile-alpha]
granted_sso_start_url = https://myorg.awsapps.com/start
granted_sso_region = us-east-1
granted_sso_account_id = 123456789012
granted_sso_role_name = AdministratorAccess
common_fate_generated_from = aws-sso
credential_process = aws-sso-util credential-process --profile my-profile-alpha

[profile my-profile-beta]
granted_sso_start_url = https://myorg.awsapps.com/start
granted_sso_region = us-east-1
granted_sso_account_id = 120987654321
granted_sso_role_name = AdministratorAccess
common_fate_generated_from = aws-sso
credential_process = aws-sso-util credential-process --profile my-profile-beta

Modern Configuration

[sso-session my-org]
granted_sso-start-url = https://myorg.awsapps.com/start
granted_sso-region = us-east-1
granted_sso-registration-scopes = sso:account:access
common_fate_generated_from = aws-sso

[profile my-profile-alpha]
granted_sso-session = my-org
granted_sso-account-id = 123456789012
granted_sso-role-name = AdministratorAccess
common_fate_generated_from = aws-sso
credential_process = aws-sso-util credential-process --profile my-profile-alpha

[profile my-profile-beta]
granted_sso-session = my-org
granted_sso-account-id = 120987654321
granted_sso-role-name = AdministratorAccess
common_fate_generated_from = aws-sso
credential_process = aws-sso-util credential-process --profile my-profile-beta

chrnorm (Contributor) commented Feb 3, 2025

I think in this case it would be good to first add support for parsing sso-session options, ensuring compatibility with the native AWS CLI, and then after that add support for templating out the sso-session.

This is something we'd be open to a contribution on!
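
The compatibility step described in the comment above, as an added example that is not Granted's own code and not part of the thread: a Go helper (ResolveSSO and sampleConfig are hypothetical names) that resolves a profile's sso_session reference to the start URL and region of its [sso-session] section and leaves legacy inline profiles unchanged. It assumes the AWS CLI's native key names (sso_session, sso_start_url, sso_region, sso_account_id) rather than the granted_-prefixed keys shown in the issue, and it does not handle the [default] section.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample: the same org written in sso-session form and in legacy form.
const sampleConfig = `
[sso-session my-org]
sso_start_url = https://myorg.awsapps.com/start
sso_region = us-east-1
[profile modern]
sso_session = my-org
sso_account_id = 123456789012
[profile legacy]
sso_start_url = https://myorg.awsapps.com/start
sso_region = us-east-1
`

// ResolveSSO (hypothetical helper) returns a profile's keys with sso_session resolved.
func ResolveSSO(cfg, profile string) (map[string]string, error) {
	// Minimal INI pass: section name -> key -> value, skipping '#' comments.
	secs, cur := map[string]map[string]string{}, ""
	for _, line := range strings.Split(cfg, "\n") {
		line = strings.TrimSpace(line)
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			cur = strings.TrimSpace(line[1 : len(line)-1])
			secs[cur] = map[string]string{}
		} else if k, v, ok := strings.Cut(line, "="); ok && cur != "" && line[0] != '#' {
			secs[cur][strings.TrimSpace(k)] = strings.TrimSpace(v)
		}
	}
	p, ok := secs["profile "+profile]
	if !ok {
		return nil, fmt.Errorf("profile %q not found", profile)
	}
	if name := p["sso_session"]; name != "" {
		sess, ok := secs["sso-session "+name]
		if !ok { // fail closed instead of silently using stale inline values
			return nil, fmt.Errorf("profile %q references undefined sso-session %q", profile, name)
		}
		p["sso_start_url"], p["sso_region"] = sess["sso_start_url"], sess["sso_region"]
	}
	return p, nil
}

func main() {
	fmt.Println(ResolveSSO(sampleConfig, "modern"))
}
```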
