Fork me on GitHub

has anyone tried the AWS SSO system? im trying to use it with but i don't see a credentials provider which would support SSO. it does give access to the SSO AWS API though, so i can try to put a signin flow together with that...


i tried our AWS SSO setup and it works with the new AWS CLI 2: but what it puts into ~/.aws/config is not understood by 😞 it looks something like this:

[<some profile name>]
sso_start_url = https://<org-name>.
sso_region = ap-southeast-1
sso_account_id = 179999999999
sso_role_name = AdministratorAccess
# sso_role_name = PowerUserAccess
region = ap-southeast-1


I think the credential support in aws-api is sort of minimal in an attempt to keep the core lightweight and not require other aws-api services to implement auth. I needed to extend the profile provider to support assume role sts tokens, for example.

👍 1

is there a better channel where i can ask such questions?


@onetom (I'll be going deep into this in a week or two but I did some research already). Atm most AWS SDK's do not support obtaining credentials via SSO - that includes Java and Go SDK (the latter is rather infuriating because I work a lot with terraform). The workaround is to use a small Python script, which does some munging of credentials obtained via cli v2 and can inject them to your shell environment. can work for you or you might need to tweak it a bit (like we did)

👍 1