-
Notifications
You must be signed in to change notification settings - Fork 26
Home
With yawsso-v1.0.0 release, the code base has been made especially improvement in terms of security aspect. Part of security revamp, this repo main branch git history has been rewritten to address some 3rd parties (both public and private) DevSecOps scan and reports such as GitGuardian, TruffleHog, Detect Secrets, LGTM, CodeQL, CodeClimate, some internal scans, etc. Here is tweet.
- If you have forked this repo without any major changes made at your copy then I'd recommend to just simply delete and re-fork it.
- If you have some changes and, no upstream PR made then I'd recommend to make a git diff your changes, then delete your copy, re-fork and re-apply your patch on top of the newer code base.
- Apology for inconvenience. But. I had to make this tool to be able to be usable in some strict environment.
This won't apply to normal yawsso CLI user who do not need to touch the source code at all. Simply enjoy the new-improved program. 🙂
-victor
- Tested 2020-06-15
- Seem like the following Boto3 version work with SSO session and credentials process by default.
boto3==1.14.2
botocore==1.17.2
AWS CLI v2 SSO login cache/store credentials is somewhat different to AWS CLI v1 i.e. no longer in ~/.aws/credentials. There are many SDK and tools still depends on this legacy ~/.aws/credentials format.
- boto3 - https://github.com/boto/boto3/issues/2091
- botocore - https://github.com/boto/botocore/issues/1988
- terraform aws provider - https://github.com/terraform-providers/terraform-provider-aws/issues/10851
- cdk - https://github.com/aws/aws-cdk/issues/5455
- cw - https://github.com/lucagrulla/cw/issues/119
- awsbw - https://github.com/jgolob/awsbw
And, https://github.com/aws/aws-cli/issues/4982 in CLI repo itself!!
This tool is originally based on aws_sso.py script but take different approach and depends only on AWS CLI v2 for get-role-credentials. Well, everything else fail (including boto3) except CLI itself, so... ☝️
Someday, we won't need this anymore. But, until then this tool sync up AWS CLI v2 SSO login session to legacy format auto-magically!!
If this tools is not working for you, try the following.
- https://github.com/99designs/aws-vault
- https://github.com/benkehoe/aws-sso-credential-process
- https://github.com/flyinprogrammer/aws-sso-fetcher
- https://gist.github.com/sgtoj/af0ed637b1cc7e869b21a62ef56af5ac
- https://github.com/Versent/saml2aws (screen scraping except Okta)
- https://github.com/cevoaustralia/aws-google-auth