-
Notifications
You must be signed in to change notification settings - Fork 4.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow configuring sso-session settings non-interactively #7835
Comments
Thanks for creating this feature request, I could see how it would be helpful to have this functionality. I'll mark this issue for further review by the team, and in the meantime others can add a 👍 to this issue or comment here to share any more details on use cases. |
@tim-finnigan Any updates on when the team will be able to review the PR? |
Just bumping this to mention there's a PR open to resolve this coming up on a year open without review: #7847 |
Also very interested in the functionality described here and implemented in #7847 |
Dear AWS, with all due respect, this is "must have" for a large organization that wants to automate onboarding CLI users to https://aws.amazon.com/iam/identity-center/ Meanwhile, I suppose we can use workarounds like |
I wound up implementing the missing features with My implementation was to delete any
Therefore:
Thanks. Not so grodo after all. |
I was able to automate the setup using a shell script like: echo "sso-session-name
https://sso-alias.awsapps.com/start
us-east-1
sso:account:access" | aws configure sso-session However, would be nice to have the option to either set the variables using |
I wrote a script to configure all AWS IAM Identity Center (SSO) accounts and roles automatically. It requires AWS CLI v2 and jq. Download the |
needing to do something similar to @evanstucker-hates-2fa to get a fairly simple non-interactive setup that isn't full of traps and annoyances for new users. Primarily need to be able to generate a profile with a known name that can be reference from makefile. The current tool makes this obnoxiously hard. In particular no easy was to get the |
I use sso without use an sso session prefix, and thus can set the sso role name via |
I've switched to using https://github.com/synfinatic/aws-sso-cli. It works great! And it encrypts the tokens/cache, which adds an additional layer of security, which is nice. |
Describe the feature
As mentioned in this comment, you cannot use
aws configure set
to setsso-session
parameters in the AWS config file.The CLI should provide a mechanism to non-interactively set these values
Use Case
I'm trying to set up command line tools for multiple users in an organization, making it easy to use AWS SSO for their tooling.
I would like to be able to give them a script to run to add SSO config to their config files vs manual instructions.
Proposed Solution
Update
aws configure
to work withsso-session
prefixes like this:aws configure set sso-session.session-name.sso_region eu-west-1
(As shown by @ezzatron in #7364 (comment)).
Alternatively, update
aws configure sso-session
to allow non-interactive operation by allowing flags instead of passing in values interactively (this might make sense as a separate issue)Other Information
No response
Acknowledgements
CLI version used
2.9.6
Environment details (OS name and version, etc.)
Mac OS Ventura
The text was updated successfully, but these errors were encountered: