Last active
November 17, 2022 15:02
-
-
Save aharonha/7d80538cd9da0b60b08335c151ab067f to your computer and use it in GitHub Desktop.
Login to aws sso and create credentials file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| RED='\033[0;31m' | |
| YELLOW='\033[0;33m' | |
| GREEN='\033[0;32m' | |
| NC='\033[0m' # No Color | |
| installer=`which brew || which yum || which apt-get` | |
| which jq >/dev/null || $installer install jq | |
| if [ $? -ne 0 ]; then | |
| if [ -z "$installer" ] ; then | |
| echo -e $RED Unable to install jq, unable to find an installer.$NC | |
| echo -e $RED Get yourself one of brew, yum, or apt!$NC | |
| echo Someone told me that you can install brew simply running this: | |
| echo -e $YELLOW '/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"' $NC | |
| echo -e $YELLOW 'echo "$(brew shellenv)" >> ~/.bash_profile' $NC | |
| echo -e $YELLOW 'eval "$(brew shellenv)"' $NC | |
| echo Try and tell me... | |
| exit 1982 | |
| fi | |
| echo -e $RED unable to install jq, please run $installer install jq $NC | |
| exit 770 | |
| fi | |
| aws_version=$(aws --version | grep -o "aws-cli/\d" | grep -o "\d") | |
| if [ $? -ne 0 -o -z "$aws_version" -o "$aws_version" -lt 2 ]; then | |
| echo -e $RED please install aws-cli version 2+ $NC | |
| exit 1495 | |
| fi | |
| if [ -z "$AWS_PROFILE" ]; then | |
| echo -e $YELLOW Using default profile. $NC | |
| echo -e $YELLOW You can change this using 'export AWS_PROFILE=profileName' $NC | |
| AWS_PROFILE=default | |
| else | |
| echo -e $YELLOW Using $AWS_PROFILE profile. $NC | |
| fi | |
| runConfigure="You might want to run 'aws configure sso --profile $AWS_PROFILE'" | |
| ssoCacheFile=$(ls -q ~/.aws/sso/cache/`ls ~/.aws/sso/cache/ | grep -v client | grep -o "[a-z0-9]*.json"` 2>/dev/null) | |
| if [ -z "$ssoCacheFile" ]; then | |
| echo -e $RED Unable to find sso cache file, $runConfigure $NC | |
| exit 1967 | |
| fi | |
| if [ -n "$FLUSH_TOKEN" ]; then | |
| echo -e $YELLOW Flushing token $NC | |
| TMPTOKEN=$(jq '.expiresAt = "1970-01-01T00:00:00Z"' $ssoCacheFile) | |
| echo $TMPTOKEN | tee ${ssoCacheFile} > /dev/null | |
| fi | |
| expiration=$(jq .expiresAt "$ssoCacheFile") | |
| now=$(date -u +\"%Y-%m-%dT%H:%M:%SZ\") | |
| if [[ $expiration < $now ]]; then | |
| echo -e $GREEN Token expired $NC | |
| echo -e $GREEN Login to AWS SSO $NC | |
| aws sso login | |
| else | |
| echo -e $YELLOW Token not expired! $NC | |
| echo -e $YELLOW Configuring... $NC | |
| fi | |
| if [ $? -ne 0 ]; then | |
| echo -e $RED Unable to execute sso login. $runConfigure $NC | |
| exit 1956 | |
| fi | |
| region=`jq .region -Mr $ssoCacheFile` | |
| accessToken=`jq .accessToken -Mr $ssoCacheFile` | |
| if [ -z "$accessToken" ]; then | |
| echo -e $RED Unable to find sso access token, $runConfigure $NC | |
| exit 1948 | |
| fi | |
| echo -e $GREEN Getting accounts from AWS $NC | |
| accountId=`aws configure get sso_account_id` | |
| echo -e $GREEN Getting your role from AWS for account ${accountId} $NC | |
| role=`aws configure get sso_role_name` | |
| echo -e $GREEN Getting your credentials from AWS $NC | |
| credentials=$(aws sso get-role-credentials --role-name=$role --account-id=$accountId --access-token=$accessToken --region=$region) | |
| if [ -z "$credentials" ]; then | |
| echo -e $RED Unable to get credentials, $runConfigure $NC | |
| exit 1973 | |
| fi | |
| AWS_ACCESS_KEY_ID=`echo $credentials | jq -Mr .roleCredentials.accessKeyId` | |
| AWS_SECRET_ACCESS_KEY=`echo $credentials | jq -Mr .roleCredentials.secretAccessKey` | |
| AWS_SESSION_TOKEN=`echo $credentials | jq -Mr .roleCredentials.sessionToken` | |
| aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID | |
| aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY | |
| aws configure set aws_session_token $AWS_SESSION_TOKEN | |
| echo -e $GREEN New credentials file is now configured for account ${accountId} and role ${role} $NC |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| GREEN='\033[0;32m' | |
| NC='\033[0m' # No Color | |
| p=$(dirname $0) | |
| echo $p | |
| echo -e $GREEN "*** Trying to login to all profiles ***" $NC | |
| aws configure list-profiles | xargs -I {} -n1 bash -c "AWS_PROFILE={} $p/aws-sso-login.sh" | |
| echo -e $GREEN "*** Done ***" $NC |
Venthe
commented
Sep 12, 2022
•
- https://www.baeldung.com/linux/bash-shebang-lines#:~:text=As%20we%20mentioned%20earlier%2C%23!%2F,commands%20with%20the%20defined%20interpreter.
- https://www.newline.co/courses/newline-guide-to-bash-scripting/errexit
@Venthe errexit is not good when running commands and asserting the result in a separate line - as I did.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment