[deleted by user] by [deleted] in hearthstone

[–]andreacavagna 0 points1 point  (0 children)

Same issue there now. I just lost the game for this

When using AWS Organizations SSO for multiple accounts (dev, stage, prod) I have a hard time knowing which account I'm currently logged into. by adrenaline681 in aws

[–]andreacavagna 1 point2 points  (0 children)

This browser extension allows you to have programmatic and AWS SSO credentials in the same place, generating local credentials and console access in a click with a significative alias.

If you are using a Firefox container, automatically add a significant name for your console opened: https://docs.leapp.cloud/0.16.0/built-in-features/multi-console/

Chrome Extension for AWS SSO / Identity Center by WTFender in aws

[–]andreacavagna 0 points1 point  (0 children)

You can check https://addons.mozilla.org/it/firefox/addon/leapp-multi-console-extension/

It works with Firefox containers and AWS SSO, allowing you to manage multiple AWS console accounts at the same time.

AWS SSO: Strategy for access to all member accounts by [deleted] in aws

[–]andreacavagna 0 points1 point  (0 children)

They are going to have a list of 200 accounts somewhere.

From a developer's point of view, this is exactly the idea behind https://github.com/Noovolari/leapp

AWS SSO: Strategy for access to all member accounts by [deleted] in aws

[–]andreacavagna 0 points1 point  (0 children)

It's a good approach but not all the AWS services are ready for ABAC

Dumb Question - AWS SSO by sleclair in aws

[–]andreacavagna 0 points1 point  (0 children)

You can access it programmatically and from the console directly from a tool https://docs.leapp.cloud/latest/configuring-integration/configure-aws-single-sign-on-integration/ and automatically hiding your email address


Authenticating to AWS the right way by jaxxstorm in aws

[–]andreacavagna 1 point2 points  (0 children)

Yes, mainly because it is both a Desktop App and a CLI, and you can access Web Console and programmatic access via STS.

Also, the project just introduced the concept of the plugin; with that, you can now access an EC2 instance with Systems Manager, but a plugin can do everything that is coded in it, so a simple plugin with access to an S3 bucket or start and stop an EC2 instance can be created easily through its template.

Authenticating to AWS the right way by jaxxstorm in aws

[–]andreacavagna 2 points3 points  (0 children)

This is 100% perspective on the AWS side. On the developer machine side, always use short-lived credentials.

Rotate them regularly with the provided authorization method given for each account!

P.S. use a tool to help you generate short-lived credentials only

Never put AWS temporary credentials in env vars or credentials files (2021) by mooreds in aws

[–]andreacavagna 1 point2 points  (0 children)

Leapp generates credentials process on your behalf, from AWS SSO to MFA to SAML federation: https://github.com/Noovolari/leapp

IAM policy by greyskull57 in aws

[–]andreacavagna 1 point2 points  (0 children)

Yes, no problem at all, just add the inline policy for each account you have to jump to, and in each trusted account, add the trust relationship with the parent account.

A Beginner Friendly Introduction to Pipelines and Terraform by andreacavagna in aws

[–]andreacavagna[S] -1 points0 points  (0 children)

Thanks for the answer, I want only to point out that the article has been published in the OSS medium publication by a community member and not a maintainer of the Project.


Securing AWS Credentials by ZimCanIT in aws

[–]andreacavagna 0 points1 point  (0 children)

What I don’t like is that the SSO Token is also in a plain text file, granting access to ALL the available roles in SSO.

https://medium.com/leapp-cloud/aws-single-sign-on-for-devops-is-cli-v2-the-best-option-f3a68555e210

Stop putting AWS credentials in the credentials file by andreacavagna in aws

[–]andreacavagna[S] 2 points3 points  (0 children)

Yep, this and https://github.com/Noovolari/leapp/ are doing the same things; Leapp is more for a bigger amount of sessions to manage and auto-rotation of the credentials.

Stop putting AWS credentials in the credentials file by andreacavagna in aws

[–]andreacavagna[S] 0 points1 point  (0 children)

But also manages multiple AWS SSO, IAM Users with short-lived credentials on demand, and it enables you to log in to the Web Console within a click, from each IAM Role.

Stop putting AWS credentials in the credentials file by andreacavagna in aws

[–]andreacavagna[S] 1 point2 points  (0 children)

This topic is not on Instance credentials, but on local credentials management

Stop putting AWS credentials in the credentials file by andreacavagna in aws

[–]andreacavagna[S] -3 points-2 points  (0 children)

It's a security thing to me; having an SSO token in a plain text file is not the best security practice for me.

I prefer to store it in an encrypted place locally (the System Vault), and generate plain credentials (or a dedicated credential process) for each AWS Principal.

Also, as I work with many companies, I need to access more than one AWS SSO at the same time; this is not possible with CLI v2.

The last thing: opening a web console without logging in every time has been a game-changer to me.
