aws-sso-util
glide
aws-sso-util | glide | |
---|---|---|
6 | 4 | |
916 | 234 | |
- | 0.4% | |
2.5 | 6.6 | |
about 1 month ago | 3 months ago | |
Python | Go | |
Apache License 2.0 | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
aws-sso-util
-
an easier way to have aws account credentials in the credentials file
This tool allows you to configure all accounts your SSO has access to as well as login to all of them at once: https://github.com/benkehoe/aws-sso-util
- AWS SSO: Strategy for access to all member accounts
-
aws-sso-util — what a fantastic project
I just wanted to give a shout out to the maintainers of https://github.com/benkehoe/aws-sso-util . It fills in so many little gaps with AWS SSO (which itself may be a bit clunky, but is a service I wish more people made use of). If you're using CloudFormation to manage SSO access to various organisation accounts, this project provides a really great CloudFormation Macro to make everything easier.
-
Adding AWS SSO and controlling permissions
AWS SSO prevents the need to store credentials on disk. Adding and removing users from a group dynamically changes their permissions, and you can customise the maximum session durations. There are some shortcomings with the service, and if you want to get more involved, it's worth checking out aws-sso-util by Ben Kehoe.
-
Is there a way to have multiple config files for multiple AWS accounts
Only in rare cases where I work with tooling that can't support SSO vended credentials do I configure my .config profiles with a credential helper script like Ben's stuff over at https://github.com/benkehoe/aws-sso-util
- benkehoe/aws-sso-util: Smooth out the rough edges of AWS SSO (temporarily, until AWS makes it better).
glide
-
AWS SSO: Strategy for access to all member accounts
Especially for occasional access, I recommend implementing a request/approval workflow. It is still an early product, but Common Fate has a tool for this that I’m really excited about. https://github.com/common-fate/common-fate
-
IAM Identity Center and SAML assertions
Take a look at Common Fate
-
Who Cares About Least Privilege?
Honestly? I don’t know. On a more granular level, each of the above problems have their own solution. Talk to your coworkers about how you trust them, you just don’t want to take unnecessary risks. Make sure to do good security design before you need to pay KPMG $25 million to fix it for you. Talk to your coworkers about what their jobs actually are. Check out our Github repo, etc. etc.
-
Prevent Logging Secrets in Go by Using Custom Types
If you want to check out the code for yourself, here’s a Go Playground link. And if you’re interested in seeing how we’ve implemented this in our own project, you can check out our gconfig package.
What are some alternatives?
awesome-aws - A curated list of awesome Amazon Web Services (AWS) libraries, open source repos, guides, blogs, and other resources. Featuring the Fiery Meter of AWSome.
consoleme - A Central Control Plane for AWS Permissions and Access
sceptre - Build better AWS infrastructure
granted - The easiest way to access your cloud.
aws-cloudformation-templates - Cloud Formation Templates for getting you started in AWS with Fortinet.
checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
yawsso - Yet Another AWS SSO - sync up AWS CLI v2 SSO login session to legacy CLI v1 credentials
paco - Paco: Prescribed automation for cloud orchestration