exequielrafaela · January 30, 2024 15:28
diff --git a/leverage-credentials-sso.sh b/leverage-credentials-sso.sh
 #!/bin/bash

 #### Pre-requisites
 ## NOTE: You need to install the SSM plugin for the AWS CLI
 ## https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html

 #### Variables initialization
 PROJECT_SHORT="bb"
 FOLDER="le-tf-infra-aws"
 COMMON_CONFIG_FILE="$FOLDER/config/common.tfvars"
 REPO_URL="[email protected]:binbashar/$FOLDER.git"
 AWS_CREDS_DIR="~/.aws/$PROJECT_SHORT"
 AWS_PROFILE="$PROJECT_SHORT-shared-devops"
 SKIP_VALIDATION="yes"

 ##### Change directory to a layer & authenticate via SSO
 echo "Authenticating..."

 if [ ! -d "$FOLDER" ] ; then
    git clone "$REPO_URL" "$FOLDER"
 fi

 if [ ! -f "$COMMON_CONFIG_FILE" ] ; then
    mv $FOLDER/config/common.tfvars.example $COMMON_CONFIG_FILE
 fi

 cd $FOLDER/shared/us-east-1/tools-vpn-server

 leverage aws sso configure

 if [ $? -ne 0 ]; then { echo "Authentication failed, aborting." ; exit 1; } fi

 echo "Done."

 ##### Run init
 echo "Writing credentials file..."

 leverage terraform init

 if [ $? -ne 0 ]; then { echo "Writing credentials failed, aborting." ; exit 1; } fi
 echo "Done."

 ##### Export your AWS creds ENV vars
 echo "Exporting AWS credentials ENV vars..."

 export AWS_SHARED_CREDENTIALS_FILE="$AWS_CREDS_DIR/credentials"
 export AWS_CONFIG_FILE="$AWS_CREDS_DIR/config"

 if [ $? -ne 0 ]; then { echo "Exporting credentials failed, aborting." ; exit 1; } fi
 echo "Done exporting credentials."

 ##### Change AWS config file permissions: Get userID and groupID
 echo "Changing file permissions..."

 sudo chown $(who | awk 'NR==1{print $1}'):$(id -gn) ~/.aws/bb/*

 if [ $? -ne 0 ]; then { echo "Changing file permissions failed, aborting." ; exit 1; } fi
 echo "Done changing file permissions."

 ##### Validate

 ### "yes" to skip credentials validation
 if [ "$SKIP_VALIDATION" = "no" ]; then
  echo "Validating identity..."
  aws sts get-caller-identity --profile $AWS_PROFILE
 fi

 if [ $? -ne 0 ]; then { echo "Validating identity failed, aborting." ; exit 1; } fi

 echo "Done validating."
 echo ""
 echo "Please export AWS credentials ENV vars"
 echo 'export AWS_SHARED_CREDENTIALS_FILE="$AWS_CREDS_DIR/credentials"'
 echo 'export AWS_CONFIG_FILE="$AWS_CREDS_DIR/config"'
 echo "========================================================================================================="
 echo "You are ready to use SSM: aws ssm start-session --target INSTANCE ID --profile PROFILE --region us-east-1"
 echo "eg: aws ssm start-session --target i-019f33xxxxxxxxxxx --profile $AWS_PROFILE --region us-east-1"
 echo "========================================================================================================="
	#!/bin/bash

	#### Pre-requisites
	## NOTE: You need to install the SSM plugin for the AWS CLI
	## https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html

	#### Variables initialization
	PROJECT_SHORT="bb"
	FOLDER="le-tf-infra-aws"
	COMMON_CONFIG_FILE="$FOLDER/config/common.tfvars"
	REPO_URL="[email protected]:binbashar/$FOLDER.git"
	AWS_CREDS_DIR="~/.aws/$PROJECT_SHORT"
	AWS_PROFILE="$PROJECT_SHORT-shared-devops"
	SKIP_VALIDATION="yes"

	##### Change directory to a layer & authenticate via SSO
	echo "Authenticating..."

	if [ ! -d "$FOLDER" ] ; then
	git clone "$REPO_URL" "$FOLDER"
	fi

	if [ ! -f "$COMMON_CONFIG_FILE" ] ; then
	mv $FOLDER/config/common.tfvars.example $COMMON_CONFIG_FILE
	fi

	cd $FOLDER/shared/us-east-1/tools-vpn-server

	leverage aws sso configure

	if [ $? -ne 0 ]; then { echo "Authentication failed, aborting." ; exit 1; } fi

	echo "Done."

	##### Run init
	echo "Writing credentials file..."

	leverage terraform init

	if [ $? -ne 0 ]; then { echo "Writing credentials failed, aborting." ; exit 1; } fi
	echo "Done."

	##### Export your AWS creds ENV vars
	echo "Exporting AWS credentials ENV vars..."

	export AWS_SHARED_CREDENTIALS_FILE="$AWS_CREDS_DIR/credentials"
	export AWS_CONFIG_FILE="$AWS_CREDS_DIR/config"

	if [ $? -ne 0 ]; then { echo "Exporting credentials failed, aborting." ; exit 1; } fi
	echo "Done exporting credentials."

	##### Change AWS config file permissions: Get userID and groupID
	echo "Changing file permissions..."

	sudo chown $(who \| awk 'NR==1{print $1}'):$(id -gn) ~/.aws/bb/*

	if [ $? -ne 0 ]; then { echo "Changing file permissions failed, aborting." ; exit 1; } fi
	echo "Done changing file permissions."

	##### Validate

	### "yes" to skip credentials validation
	if [ "$SKIP_VALIDATION" = "no" ]; then
	echo "Validating identity..."
	aws sts get-caller-identity --profile $AWS_PROFILE
	fi

	if [ $? -ne 0 ]; then { echo "Validating identity failed, aborting." ; exit 1; } fi

	echo "Done validating."
	echo ""
	echo "Please export AWS credentials ENV vars"
	echo 'export AWS_SHARED_CREDENTIALS_FILE="$AWS_CREDS_DIR/credentials"'
	echo 'export AWS_CONFIG_FILE="$AWS_CREDS_DIR/config"'
	echo "========================================================================================================="
	echo "You are ready to use SSM: aws ssm start-session --target INSTANCE ID --profile PROFILE --region us-east-1"
	echo "eg: aws ssm start-session --target i-019f33xxxxxxxxxxx --profile $AWS_PROFILE --region us-east-1"
	echo "========================================================================================================="