Login to aws sso and create credentials file

aws-sso-login.sh

#!/usr/bin/env bash

RED='\033[0;31m'
YELLOW='\033[0;33m'

GREEN='\033[0;32m'
NC='\033[0m' # No Color

installer=`which brew || which yum || which apt-get`
which jq >/dev/null || $installer install jq

if [ $? -ne 0 ]; then
        if [ -z "$installer" ] ; then 
            echo -e $RED Unable to install jq, unable to find an installer.$NC
            echo -e $RED Get yourself one of brew, yum, or apt!$NC
            echo Someone told me that you can install brew simply running this:
            echo -e $YELLOW '/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"' $NC
            echo -e $YELLOW 'echo "$(brew shellenv)" >> ~/.bash_profile' $NC
            echo -e $YELLOW 'eval "$(brew shellenv)"' $NC
            echo Try and tell me... 
        
            exit 1982
        fi
    echo -e $RED unable to install jq, please run $installer install jq $NC
    exit 770
fi

aws_version=$(aws --version | grep -o "aws-cli/\d" | grep -o "\d")
if [ $? -ne 0 -o -z "$aws_version" -o "$aws_version" -lt 2 ]; then
    echo -e $RED please install aws-cli version 2+ $NC
    exit 1495
fi
if  [ -z "$AWS_PROFILE" ]; then 
    echo -e $YELLOW Using default profile. $NC
    echo -e $YELLOW You can change this using 'export AWS_PROFILE=profileName' $NC
    AWS_PROFILE=default
else
    echo -e $YELLOW Using $AWS_PROFILE profile. $NC
fi
runConfigure="You might want to run 'aws configure sso --profile $AWS_PROFILE'"


ssoCacheFile=$(ls -q ~/.aws/sso/cache/`ls ~/.aws/sso/cache/ | grep -v client | grep -o "[a-z0-9]*.json"` 2>/dev/null)

if [ -z "$ssoCacheFile" ]; then 
    echo -e $RED Unable to find sso cache file, $runConfigure $NC
    exit 1967
fi

if [ -n "$FLUSH_TOKEN" ]; then
    echo -e $YELLOW Flushing token $NC
    TMPTOKEN=$(jq '.expiresAt = "1970-01-01T00:00:00Z"' $ssoCacheFile)
    echo $TMPTOKEN | tee ${ssoCacheFile} > /dev/null
fi

expiration=$(jq .expiresAt "$ssoCacheFile")
now=$(date -u +\"%Y-%m-%dT%H:%M:%SZ\")

if [[ $expiration < $now ]]; then
    echo -e $GREEN Token expired $NC
    echo -e $GREEN Login to AWS SSO $NC
    aws sso login
else 
    echo -e $YELLOW Token not expired! $NC
    echo -e $YELLOW Configuring... $NC
fi


if [ $? -ne 0 ]; then 
    echo -e $RED Unable to execute sso login. $runConfigure $NC
    exit 1956
fi

region=`jq .region -Mr $ssoCacheFile`
accessToken=`jq .accessToken -Mr $ssoCacheFile`

if [ -z "$accessToken" ]; then 
    echo -e $RED Unable to find sso access token, $runConfigure $NC
    exit 1948
fi

echo -e $GREEN Getting accounts from AWS $NC

accountId=`aws configure get sso_account_id`
echo -e $GREEN Getting your role from AWS for account ${accountId} $NC
role=`aws configure get sso_role_name`
echo -e $GREEN Getting your credentials from AWS $NC
credentials=$(aws sso get-role-credentials --role-name=$role --account-id=$accountId --access-token=$accessToken --region=$region)

if [ -z "$credentials" ]; then 
    echo -e $RED Unable to get credentials, $runConfigure $NC
    exit 1973
fi
AWS_ACCESS_KEY_ID=`echo $credentials | jq -Mr .roleCredentials.accessKeyId`
AWS_SECRET_ACCESS_KEY=`echo $credentials | jq -Mr .roleCredentials.secretAccessKey`
AWS_SESSION_TOKEN=`echo $credentials | jq -Mr .roleCredentials.sessionToken`

aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID
aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY
aws configure set aws_session_token $AWS_SESSION_TOKEN

echo -e $GREEN New credentials file is now configured for account ${accountId} and role ${role} $NC

sso-login-all.sh

#!/usr/bin/env bash
GREEN='\033[0;32m'
NC='\033[0m' # No Color

p=$(dirname $0)
echo $p
echo -e $GREEN "*** Trying to login to all profiles ***" $NC
aws configure list-profiles | xargs -I {} -n1 bash -c "AWS_PROFILE={} $p/aws-sso-login.sh"

echo -e $GREEN "*** Done ***" $NC