Last active
May 21, 2020 19:54
-
-
Save DV8FromTheWorld/52fd7cd6fcc15db709f32c7c64635bca to your computer and use it in GitHub Desktop.
Small bash script wrapper around aws-google-auth to provide easy (but overridable) defaults.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| unset AWS_PROFILE | |
| google_sso_idp='' | |
| google_sso_sp='' | |
| profile='default' | |
| region='us-east-1' | |
| # Put code into a function so that we can quick escape without using 'exit 1' considering | |
| # if this code gets sourced into bash (which it should for proper usage) using 'exit 1' will kill the process. | |
| function fn_aws_google_login() { | |
| while test $# -gt 0; do | |
| case "$1" in | |
| -h|--help) | |
| echo "aws-login - Setup auth for aws" | |
| echo " " | |
| echo "aws-login [options]" | |
| echo " " | |
| echo "Options: Default Description" | |
| echo "-h, --help Shows brief help" | |
| echo "-R, --region=REGION [us-east-1] AWS Region which to log into." | |
| echo "-p, --profile=PROFILE [default] The AWS local profile which to store credentials in" | |
| return 0 | |
| ;; | |
| -R|--region) | |
| flag=$1 | |
| shift | |
| if test $# -gt 0; then | |
| export region=$1 | |
| else | |
| echo "The $flag flag requires a region to be provided with it." | |
| return 1 | |
| fi | |
| shift | |
| ;; | |
| -p|--profile) | |
| flag=$1 | |
| shift | |
| if test $# -gt 0; then | |
| export profile=$1 | |
| else | |
| echo "The $flag flag requires a that profile be specified." | |
| return 1 | |
| fi | |
| shift | |
| ;; | |
| *) | |
| echo "Unrecognized flag $1" | |
| return 1 | |
| break | |
| ;; | |
| esac | |
| done | |
| aws-google-auth -I $google_sso_idp -S $google_sso_sp -a --resolve-aliases --region $region --profile $profile | |
| # Save the desired profile for this instance of bash | |
| export AWS_PROFILE=$profile | |
| # Ensure that the bashrc file exists | |
| touch ~/.bashrc | |
| envVarRegex="(export|EXPORT) AWS_PROFILE=.*" | |
| newEnvVar="export AWS_PROFILE=$profile" | |
| # If the AWS_PROFILE env variable already exists, replace it. | |
| # If it doesnt, add it to the .bashrc file for future bash shell invocations. | |
| if grep -Exq "$envVarRegex" ~/.bashrc; then | |
| sed -Ei "s/$envVarRegex/$newEnvVar/" ~/.bashrc | |
| else | |
| echo $newEnvVar >> ~/.bashrc | |
| fi | |
| } | |
| # Run the function | |
| fn_aws_google_login $* |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Installation
aws-google-login.shfile to a known location on your PC. For the sake of simplicity, I will be storing it in~/.scripts/google_sso_idpandgoogle_sso_spvariables in the file.chmod(chmod 755 ~/.scripts/aws-google-login.sh)PATHRecommended Steps
When the script executes, it will update the
~/.bashrcfile'sAWS_PROFILEexport variable to specify the aws creds profile that the STS credentials were saved into. This variable is important as the CLI/SDKs will look at this variable to determine which credentials to use (if you're usingdefault, this doesn't matter as much).Modifying the
~/.bashrcfile means that new bash invocations will have the environment variable, however, if you ran the script via just runningaws-google-loginthis variable is not setup in the current bash environment.As such, it is recommended that you setup the following alias in your
~/.bashrcfile to ensure that the variable also gets exported to your current environment.alias aws-login=". ~/.scripts/aws-google-login.sh"Then you can execute via:
aws-login