AWS SSO populate config
When using AWS with Identity Center you will have many roles available to use. Depending on your setup there may be upwards of 1000 roles and accounts.
Generating that config by hand is nearly impossible.
How
We can make use of the aws-sso-util package.
Install aws-sso-util
Backup your current config
Ensure you back up your config
This page has you run commands that will permanently alter the config, so if you need something from it, make sure you've backed it up.
I warned you!
Generate config
You will need to know your AWS Start URL, which is the URL you go to for Identity Center.
Usually this is https://<company-name>.awsapps.com/start/
To configure aws-sso-util you can either set environment variables or add to your ~/.aws/config file.
Set the below environment variables:
AWS_DEFAULT_SSO_START_URL
AWS_DEFAULT_SSO_REGION (the region that you've configured Identity Center in)
Below is an example for companyname whose Identity Center is in eu-west-2
Once configured in your method of choice, you can now generate the profiles.
The below command will generate the profiles in DRY RUN mode, so it does not modify your .aws/config file
Once you're happy, you can click the tab Set default region for all profiles or Set several regions for each profile
Note
This will overwrite your ~/.aws/config
Ensure you've got a back up
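The backup, dry-run and overwrite steps above as shell functions, added here as an example and not taken from this page's author or the aws-sso-util project. The function names and the backup file naming are assumptions, as is reusing the Identity Center region for --region; lost_profiles lists every profile that exists in the backup but is gone after the overwrite.

```sh
#!/bin/sh
# Added example: function names and backup naming are assumptions, not part of aws-sso-util.

# Copy the config to a timestamped, owner-only backup and print the backup path.
backup_aws_config() {
  bk_src="${1:-${AWS_CONFIG_FILE:-$HOME/.aws/config}}"
  [ -f "$bk_src" ] || { echo "no config at $bk_src" >&2; return 1; }
  bk_dest="${bk_src}.bak.$(date +%Y%m%d%H%M%S)"
  ( umask 077; cp -p "$bk_src" "$bk_dest" ) || return 1
  chmod 600 "$bk_dest"   # the config can hold role ARNs and credential_process lines
  printf '%s\n' "$bk_dest"
}

# Print the profile names defined in a config file, one per line, sorted.
list_profiles() {
  sed -n 's/^\[profile \(.*\)]$/\1/p; s/^\[default]$/default/p' "$1" | sort -u
}

# Print profiles found in the backup ($1) that are missing from the new config ($2).
lost_profiles() {
  lp_tmp=$(mktemp) || return 1
  list_profiles "$2" > "$lp_tmp"
  list_profiles "$1" | grep -Fxv -f "$lp_tmp" || true   # no output means nothing was lost
  rm -f "$lp_tmp"
}

# Dry run: $1 = start URL, $2 = Identity Center region (also used here as the profile region).
populate_dry_run() {
  AWS_DEFAULT_SSO_START_URL="$1" AWS_DEFAULT_SSO_REGION="$2" \
    aws-sso-util configure populate --dry-run --region "$2"
}

# Typical order once the functions are sourced:
#   bak=$(backup_aws_config)
#   populate_dry_run "https://<company-name>.awsapps.com/start/" eu-west-2
#   ...run the real populate command from this page...
#   lost_profiles "$bak" ~/.aws/config
```

Any name that lost_profiles prints is a profile you maintained by hand; copy its section back from the backup file.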
Testing
Now that you've got all the roles configured, test that it's working
Change profile using something like awsctx
Run the below and pick a role of your choice
You should see an output like
{
    "UserId": "7U67JA0MQJ3ZL0M3A342G4:user.name@companyname.domain",
    "Account": "830049139240",
    "Arn": "arn:aws:sts::830049139240:assumed-role/AWSReservedSSO_role_name_skdhjf44/user.name@companyname.domain"
}