code for article pfeilbr/aws-sso-playground
learn AWS SSO
SSO Access Token
The aws sso CLI commands require the --access-token parameter. First log in via SSO (e.g. aws sso login --profile root-AWSAdministratorAccess), then run the following to get the cached token.
# get cached aws sso accessToken (skips the botocore client registration files)
function aws-access-token() {
  cat $(ls -1d ~/.aws/sso/cache/* | grep -v botocore) | jq -r "{accessToken} | .[]"
}
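The one-liner above prints one value per cache file, so it returns several tokens (or null) when more than one session is cached. The following is an added example, not code from this repository: it reads the same cache directory and returns only the unexpired accessToken with the latest expiry. The expiresAt field and its two timestamp suffixes are assumptions about the cache format, and the sample file names and token values are constructed placeholders.

```python
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def parse_expiry(value):
    """Parse expiresAt; accepts a trailing 'Z' or 'UTC' (assumed formats)."""
    text = value.replace("UTC", "Z").rstrip("Z")
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


def cached_access_token(cache_dir, now=None):
    """Return the unexpired accessToken with the latest expiry, or None."""
    now = now or datetime.now(timezone.utc)
    best = None
    for path in sorted(Path(cache_dir).glob("*.json")):
        if "botocore" in path.name:  # client registration, not a session token
            continue
        try:
            entry = json.loads(path.read_text())
            token = entry["accessToken"]
            expires = parse_expiry(entry["expiresAt"])
        except (ValueError, KeyError, TypeError, AttributeError, OSError):
            continue  # unreadable, malformed, or not a token file
        if expires > now and (best is None or expires > best[0]):
            best = (expires, token)
    return best[1] if best else None


def build_sample_cache(root):
    """Write constructed cache files (placeholder tokens, not real data)."""
    samples = {
        "botocore-client-id-us-east-1.json": {"clientId": "EXAMPLE"},
        "aaaa.json": {"accessToken": "EXAMPLE-EXPIRED",
                      "expiresAt": "2020-01-01T00:00:00UTC"},
        "bbbb.json": {"accessToken": "EXAMPLE-CURRENT",
                      "expiresAt": "2099-01-01T00:00:00Z"},
    }
    for name, body in samples.items():
        (Path(root) / name).write_text(json.dumps(body))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(cached_access_token(build_sample_cache(tmp)))
```

Point cached_access_token at ~/.aws/sso/cache to use it against a real login; a None result means the session has expired and aws sso login must be run again.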
Demo
list account assignments (AWS::SSO::Assignment)
aws sso-admin list-account-assignments \
    --instance-arn 'arn:aws:sso:::instance/ssoins-72234101455cbc87' \
    --account-id '529276214230' \
    --permission-set-arn 'arn:aws:sso:::permissionSet/ssoins-72234101455cbc87/ps-51eacb02632f0b26'
{
    "AccountAssignments": [
        {
            "AccountId": "529276214230",
            "PermissionSetArn": "arn:aws:sso:::permissionSet/ssoins-72234101455cbc87/ps-51eacb02632f0b26",
            "PrincipalType": "USER",
            "PrincipalId": "906770ec60-e34082a0-033a-4dd2-90cb-9107804545e9"
        },
        {
            "AccountId": "529276214230",
            "PermissionSetArn": "arn:aws:sso:::permissionSet/ssoins-72234101455cbc87/ps-51eacb02632f0b26",
            "PrincipalType": "USER",
            "PrincipalId": "906770ec60-9d6f0b65-701c-4650-b95c-7dab0f6046d7"
        }
    ]
}
Resources
- AWS Single Sign-On Documentation
- aws sso-admin - cli
- benkehoe/aws-sso-util
- AWS::SSO::PermissionSet
- AWS::SSO::Assignment
- How can I get temporary credentials for an AWS Single Sign-On user using the AWS CLI?