@rdkls
Created November 3, 2023 03:27
From AWS SSO pages, generate profile entries for ~/.aws/config
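#!/bin/bash
# Generate ~/.aws/config profile entries from the AWS SSO portal's account and role listing.
PORTALBASE=https://portal.sso.ap-southeast-2.amazonaws.com
REGION=ap-southeast-2

# TOKEN is the portal bearer token. Treat it as a credential: keep it out of shell history and logs.
if [ -z "$TOKEN" ]; then
    echo "Must set \$TOKEN before running. Get it from browser login to sso portal, and check header for x-amz-sso_bearer_token" >&2
    # return works when the script is sourced, exit when it is executed
    return 1 2>/dev/null || exit 1
fi

# GET a path under the portal API, sending the bearer token in both header spellings.
get() {
    if [ -z "$1" ]; then
        echo "Usage: get url" >&2
        return 1
    fi
    local url="$1"
    # Headers passed with -H can be seen by other local users in the process list while curl runs.
    curl -s -H "x-amz-sso_bearer_token: $TOKEN" -H "x-amz-sso-bearer-token: $TOKEN" "$PORTALBASE/$url"
}

#get 'token/whoAmI'

# Account app instances visible to this token.
accounts=$(get 'instance/appinstances' | jq -r '.result[]')

# Compact each account to one JSON object per line so read gets one account at a time.
jq -c '.' <<< "$accounts" | while read -r account; do
    account_id=$(jq -r '.searchMetadata.AccountId' <<< "$account")
    account_name=$(jq -r '.searchMetadata.AccountName' <<< "$account")
    # Normalise the account name for use in a profile name: lower case, spaces to dashes.
    account_name=$(tr '[:upper:]' '[:lower:]' <<< "$account_name" | tr ' ' '-')
    account_app_instance_id=$(jq -r '.id' <<< "$account")

    # Roles available in this account.
    profiles=$(get "instance/appinstance/${account_app_instance_id}/profiles" | jq -r '.result[]')
    jq -rc '.' <<< "$profiles" | while read -r profile; do
        role_name=$(jq -r '.name' <<< "$profile")
        profile_name="${account_name}-${role_name}"
        # sso_session must match an [sso-session asa] section in ~/.aws/config.
        cat << EOT
[profile ${profile_name}]
sso_session=asa
sso_account_id=${account_id}
sso_role_name=${role_name}
region=${REGION}
EOT
    done
done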