ASL is a cli to get the STS short-term credentials for all accounts and role names that is assigned to the AWS SSO user.
ASL retrieves and caches an AWS SSO access token to exchange for AWS credentials, when the cached access token expires, a new login is requested. Using a valid access token, the ASL lists all AWS accounts assigned to the user and then get the roles for each one. After that, the STS short-term credentials are stored in AWS credential file.
sudo bash -c "curl -fsSL https://github.com/leocomelli/asl/releases/latest/download/asl_$(uname -s)_$(uname -m) -o /usr/local/bin/asl && chmod +x /usr/local/bin/asl"
Run the asl configure
command to store the AWS SSO Login parameters to be used when needed. Whenever the AWS SSO access token needs to be renewed, these parameters are used.
asl configure \
--account-id 123456789012 \
--start-url https://d-123456w78w.awsapps.com/start/ \
--role-name MyRoleSSOLogin \
--region us-east-1
Run the asl
command to store the STS short-term credentials for each account and role assigned to the user. You may safely rerun the asl
command to refresh your credentials.
asl
Make sure everything works well
aws sts get-caller-identity --profile your-profile
Use the flag --eks
to update the kubeconfig with all existing clusters in the accounts assigned to the user.
asl --eks