I am trying to create a package/application that, when given correct SSO credentials, can log in to an AWS S3 bucket.
The answers to the question "How to use the AWS Python SDK while connecting via SSO credentials" assume a credentials file. However, I had hoped to be able to run my application on any PC as long as the person who runs it has an AWS account registered with the Start URL.
How I would normally need to set this up is to do:
```
aws configure sso
# Run through the configuration steps here
```
then do
```python
import boto3
boto3.setup_default_session(profile_name='sso_profile')
client = boto3.client('s3')
```
On a fresh machine, aws cli would not be available and I would like to do everything through boto3.
2ps's answer to "How to use the AWS Python SDK while connecting via SSO credentials" got me far. However, I do not know what the "account_id" will be for any given user.
> However I do not know what the "account_id" will be for any given user.

account_id is not required in ~/.aws/config.
You can make it an input from the user.
```
[?] Please enter account ID:
>
```
Or you can use sso list-account to list the accounts present in the user's SSO.
```
[?] Please select the account to use:
Prd [123456789] <
Acc [987654321]
Dev [786234823]
```
And since a user can have multiple roles per AWS account, if there are multiple roles, you can use list-account-roles and have the user select which role to use for the account they entered.
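The account and role selection described in this answer, written with boto3's `list_accounts`, `list_account_roles` and `get_role_credentials` calls on the `sso` client; this is an added example, not code from the original answer. It assumes an SSO access token has already been obtained (for instance through the `sso-oidc` device authorization flow); the helper names and the `FakeSSO` stand-in with its account IDs are constructed for illustration.

```python
def _items(call, key, **kwargs):
    """Yield every item of a paginated SSO list call by following nextToken."""
    while True:
        page = call(**kwargs)
        yield from page.get(key, [])
        if not page.get("nextToken"):
            return
        kwargs["nextToken"] = page["nextToken"]

def account_role_choices(sso, access_token):
    """Return sorted (account_id, account_name, role_name) tuples for this token."""
    choices = []
    for acct in _items(sso.list_accounts, "accountList", accessToken=access_token):
        for role in _items(sso.list_account_roles, "roleList",
                           accessToken=access_token, accountId=acct["accountId"]):
            choices.append((acct["accountId"], acct.get("accountName", ""), role["roleName"]))
    return sorted(choices)

def pick(choices, ask=input):
    """Return the only pair without prompting, else the pair the user selects."""
    if not choices:
        raise LookupError("no account/role is assigned to this SSO user")
    if len(choices) == 1:
        return choices[0]
    for i, (acct_id, name, role) in enumerate(choices):
        print(f"[{i}] {name} [{acct_id}] {role}")
    index = int(ask("Please select the account and role to use: "))
    if not 0 <= index < len(choices):
        raise ValueError("selection out of range")
    return choices[index]

def s3_client(sso, access_token, account_id, role_name):
    """Exchange the selection for short-lived role credentials and build an S3 client."""
    import boto3  # local import: the helpers above need no AWS SDK or network
    c = sso.get_role_credentials(accessToken=access_token, accountId=account_id,
                                 roleName=role_name)["roleCredentials"]
    return boto3.client("s3", aws_access_key_id=c["accessKeyId"],
                        aws_secret_access_key=c["secretAccessKey"],
                        aws_session_token=c["sessionToken"])

class FakeSSO:
    """Constructed stand-in for boto3.client("sso"); the account IDs are made up."""
    def list_accounts(self, accessToken, nextToken=None):
        if nextToken is None:
            return {"accountList": [{"accountId": "111111111111", "accountName": "Prd"}], "nextToken": "page2"}
        return {"accountList": [{"accountId": "222222222222", "accountName": "Dev"}]}
    def list_account_roles(self, accessToken, accountId):
        roles = {"111111111111": ["ReadOnly"], "222222222222": ["Admin", "ReadOnly"]}
        return {"roleList": [{"roleName": r, "accountId": accountId} for r in roles[accountId]]}
```

The credentials returned by `get_role_credentials` are temporary and stay in memory here, so nothing is written to `~/.aws` on the machine running the application.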