AWS SSO-Login and AWS CDK
Synchronising AWS’s credentials file with data from SSO login for CDK usage.
Working in an SSO environment within AWS is quite pleasant: you wake up in the morning, log in to your company's account and voilà, your S3 is right at your fingertips!
$ aws sso login --sso-session 'name of your session stored in ~/.aws/config'
$ aws s3 ls # aaaand BINGO! S3 files are here!
BUT, if you work with AWS's TypeScript CDK (or the CDK in any other language, in fact), you're gonna see that it's not that easy. When you use SSO, the common triad AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN is not stored in your session. In fact, another kind of auth method/file is used.
$ cdk synth --profile [AN_ACTIVE_LOGGED_IN_SSO_PROFILE]
Error: Unable to resolve AWS account to use.
It must be either configured when you define your CDK Stack,
or through the environment.
Those SSO sessions are usually stored in the ~/.aws/sso/cache folder, in JSON files whose timestamps tell you which one holds the most recent logged-in session, and the CDK is not yet prepared to use this kind of credentials.
To solve this issue I created this code snippet that will load the AWS_SESSION_TOKEN from the most recent JSON in ~/.aws/sso/cache/[most-recent].json, generate credentials for all profiles available in your ~/.aws/config and write them into your ~/.aws/credentials.
This script is small and still has a lot of room for improvement but, so far, it does the job of taking the session out of the SSO file and bringing it to the credentials file.
Please feel free to add to or improve this script and leave me any ideas on how to improve it. It'll be my pleasure to discuss new methods and apply them to this solution.
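A sketch of the two local steps described above (picking the cache file, writing ~/.aws/credentials), added here as an example and not the author's script. The function names are hypothetical, and the step in between (exchanging the token for role keys, e.g. with `aws sso get-role-credentials`) is left out; `creds` is assumed to have that call's `roleCredentials` shape.

```python
import configparser, json, os
from datetime import datetime, timezone
from pathlib import Path

def parse_expiry(value):
    # Cache files use "...Z"; older CLI builds wrote "...UTC".
    return datetime.fromisoformat(value.replace("UTC", "+00:00").replace("Z", "+00:00"))

def latest_sso_token(cache_dir, now=None):
    """Return the newest cache entry holding an unexpired accessToken, or None."""
    now = now or datetime.now(timezone.utc)
    files = sorted(Path(cache_dir).glob("*.json"),
                   key=lambda p: p.stat().st_mtime, reverse=True)
    for path in files:
        try:
            entry = json.loads(path.read_text())
        except (OSError, ValueError):
            continue
        # Client-registration files share the folder but carry no accessToken,
        # so "newest file" alone is not a safe selector.
        if "accessToken" not in entry or "expiresAt" not in entry:
            continue
        if parse_expiry(entry["expiresAt"]) > now:
            return entry
    return None

def write_profile(credentials_path, profile, creds):
    """Store one profile's temporary keys in an INI file only the owner can read."""
    path = Path(credentials_path)
    cfg = configparser.ConfigParser()
    cfg.read(path)  # keep profiles that are already in the file
    cfg[profile] = {
        "aws_access_key_id": creds["accessKeyId"],
        "aws_secret_access_key": creds["secretAccessKey"],
        "aws_session_token": creds["sessionToken"],
    }
    # Create with 0600 so the plaintext keys are never world-readable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        cfg.write(handle)
    os.chmod(path, 0o600)  # tighten a pre-existing file as well

if __name__ == "__main__":
    token = latest_sso_token(Path.home() / ".aws" / "sso" / "cache")
    print("usable SSO token found" if token else "no valid token: run `aws sso login`")
```

The keys written this way are temporary but sit in plaintext until they expire, so the credentials file is worth the same handling as any other secret on the workstation.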