AWS SSO Manager is a Python-based command-line tool that simplifies the management of AWS CLI SSO configurations and Steampipe connections. It allows you to easily set up and manage multiple AWS profiles, authenticate them using AWS SSO, and create corresponding Steampipe connections for seamless integration with Steampipe.
Features:
- Prepare AWS CLI SSO configuration for multiple profiles
- Authenticate all profiles using AWS SSO
- Create and update Steampipe connections for each AWS profile
- Clear AWS configuration and Steampipe connection files

Requirements:
- Python 3.x
- AWS CLI
- Steampipe
- Clone the repository:
git clone https://github.com/FlyingPhish/AWS-SSO-Manager && cd AWS-SSO-Manager
- Add this alias to your .bashrc or .zshrc:
alias format-aws-ids="grep -o '[0-9]\{12\}' | sort | uniq | awk 'BEGIN { ORS=\"\"; print \"[\" } { print \"\\\"\" \$0 \"\\\", \" } END { print \"]\" }' | sed 's/, ]/]/'"

usage: sso-manager.py [-h] {prep,auth,steampipe,clear,clear_steampipe} ...

Manage AWS CLI SSO configuration.

positional arguments:
  {prep,auth,steampipe,clear,clear_steampipe}
                        commands
    prep                Prepare AWS configuration
    auth                Authenticate all profiles
    steampipe           Create Steampipe connections
    clear               Clear AWS configuration
    clear_steampipe     Clear Steampipe AWS connection file

options:
  -h, --help            show this help message and exit

- Browse to the AWS access portal
- Select the table contents and copy them
- Either paste the content into a file and run it through the alias (cat > file.txt; cat file.txt | format-aws-ids) or pipe your clipboard straight into the alias (pbpaste | format-aws-ids)
- Copy the formatted list of account IDs, which looks like ["x","x","x"]
- Run this command, where -r is the role name, -sr the SSO login region, -u the SSO URL and -i the formatted list of IDs:
python3 sso-manager.py prep -r SecurityAudit -sr eu-west-2 -u https://x.awsapps.com/start/# -i '["x", "x", "x"]'
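
The ID-formatting and prep steps above, sketched as an added Python example (not code from AWS-SSO-Manager): it extracts account IDs more strictly than the grep alias, which also matches 12-digit runs inside longer numbers, and builds one AWS CLI SSO profile per account. The function names, the profile naming scheme and the sample text are assumptions of this example; the sso_* keys are the AWS CLI's per-profile SSO settings.

```python
import configparser
import io
import json
import re

# Exactly 12 digits, not part of a longer digit run (stricter than grep -o).
ACCOUNT_ID = re.compile(r"(?<!\d)\d{12}(?!\d)")


def extract_account_ids(portal_text):
    """Return sorted, de-duplicated account IDs found in pasted portal text."""
    return sorted(set(ACCOUNT_ID.findall(portal_text)))


def format_ids(ids):
    """Render the IDs as the JSON list string passed to `prep -i`."""
    return json.dumps(ids)


def build_sso_profiles(ids, role_name, sso_region, start_url):
    """Build AWS CLI config text; '<id>-<role>' profile names are assumed."""
    config = configparser.ConfigParser()
    for account_id in ids:
        config[f"profile {account_id}-{role_name}"] = {
            "sso_start_url": start_url,
            "sso_region": sso_region,
            "sso_account_id": account_id,
            "sso_role_name": role_name,
        }
    out = io.StringIO()
    config.write(out)
    return out.getvalue()


# Constructed sample of text copied from an access portal table.
SAMPLE = """\
Prod    111111111111  prod@example.com
Dev     222222222222  dev@example.com
Prod    111111111111  prod@example.com
Ticket  1700000000000 (13 digits, must not yield an account ID)
"""

if __name__ == "__main__":
    ids = extract_account_ids(SAMPLE)
    print(format_ids(ids))
    print(build_sso_profiles(ids, "SecurityAudit", "eu-west-2",
                             "https://x.awsapps.com/start/#"))
```
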
python3 sso-manager.py auth
- This opens the link in your browser and waits for you to click through the approval pages. It repeats this for every account and then runs get-caller-identity in the CLI to show you the details.
python3 sso-manager.py steampipe
- This copies the profiles from aws/config, creates a connection for each, and then either creates or modifies the default aws connection to include all the new connections, so you can run Steampipe against all profiles.
- By default all regions are used. To limit the scope to a set of regions, pass -re (--regions):
python3 sso-manager.py steampipe -re "eu-west-1,eu-west-2"
python3 sso-manager.py clear
python3 sso-manager.py clear_steampipe