v1.8.0

Overview

This release adds support for multiple active AWS Console sessions when using Firefox and the
Open URL in Container plugin. For more details on this feature, see the docs.

Fixed a number of small bugs and increased unit test coverage to over 75%.

What's Changed

• Manage static API creds by @synfinatic in #327
• prompt user when AWS_PROFILE is invalid by @synfinatic in #333
• Redirect users to AWS signin url instead of AWS SSO CLI by @synfinatic in #331
• increase unit tests to 75% by @synfinatic in #334
• small cleanup that was missed last commit by @synfinatic in #335
• Add support for using Firefox containers with console by @synfinatic in #338

Full Changelog: v1.7.5...v1.8.0

v1.7.5

Overview

Bug Fixes

• No longer generate errors for empty History tag in cache #305
• No longer print the federated console url on errors by default #314
• Fully delete items from the keyring #320
• Fixed error when tried to save more than 2.5Kbytes in wincred #308

New Features

• Add support for --url-action printurl and exec #303
• list command now prints how long until the AWS SSO session expires #313

Changes

• Add additional unit tests
• Document how using $AWS_PROFILE with AWS SSO CLI auto-refreshes credentials #270

What's Changed

• more tests for utils by @synfinatic in #294
• add storage/keyring unit tests by @synfinatic in #295
• Fix broken doc links in Configuration section by @drboyer in #297
• update docs for PASSWORD variable by @synfinatic in #301
• More unit tests by @synfinatic in #296
• Add UrlAction: printurl and exec by @synfinatic in #306
• refactor logger and fix History tag expiration (WIP) by @synfinatic in #307
• Fix underlying problem with missing History tag by @synfinatic in #309
• Improve docs and tweak config/setup for new url-action by @synfinatic in #311
• No longer print AWS federated URL by default by @synfinatic in #315
• list command now prints AWS SSO session expire time by @synfinatic in #317
• Document how using $AWS_PROFILE auto-refreshes credentials by @synfinatic in #318
• document mac sync by @synfinatic in #321
• split credentials when we are using windows by @monwolf in #310
• correctly delete items from keyring by @synfinatic in #320

New Contributors

• @drboyer made their first contribution in #297

Full Changelog: v1.7.4...v1.7.5

v1.7.4 - Maintenance / bug fixes

Overvew

This is a maintenance / bug fix release intended to improve the stability of AWS SSO CLI.

See the Changelog for more details.

What's Changed

• Start doing basic mocks of AWS SSO API by @synfinatic in #285
• No longer read ~/.aws/credentials by @synfinatic in #288
• improve aws sso unit tests by @synfinatic in #289
• document how to select FIPS endpoints by @synfinatic in #290
• Tell Koanf to treat AccountIds as a string by @synfinatic in #293

Full Changelog: v1.7.3...v1.7.4

v1.7.3 - Fix `process` command

Overview

Fixes a bug processing CLI arguments which broke the process command

What's Changed

• Fix condition by @mouchar in #283
• continue refactor/cleanup of awssso code by @synfinatic in #282

New Contributors

• @mouchar made their first contribution in #283

Full Changelog: v1.7.2...v1.7.3

v1.7.2 - Support specifying roles via --profile and fix SSO Access Token issue

Overview

• Users can now select a role to assume by specifying the profile name via --profile or -p
• console -p is now console -P to force prompting
• Fix issue where SSO Access Tokens were expiring before their expire time and aws-sso was unable to continue. We now automatically detect this error and force a re-authentication.
• Update to AWS Go SDK v2

What's Changed

• compare vs. aws-vault by @synfinatic in #271
• Support specifying the profile name for role by @synfinatic in #273
• improve docs and improve -p flag for process by @synfinatic in #274
• Update to AWS Go SDK v2 by @synfinatic in #278
• Refresh SSO AccessToken if first attempt errors out by @synfinatic in #281

Full Changelog: v1.7.1...v1.7.2

v1.7.1 - Fix lots of bugs and small feature enhancements

Overview

Bug Fixes

• AWS_SSO env var is now set with the eval and exec command #251
• Fix broken auto-complete for non-Default AWS SSO instances #249
• Fix incorrect AWS_SSO_SESSION_EXPIRATION values #250
• Remove old config settings that no longer exist #254
• cache command no longer flushes the Expires field for role credentials
  or the role History
• Auto-guided setup now loads the config so the user defined command is
  successful #260
• default list command will now refresh the cache if necessary

Changes

• flush now flushes the STS IAM Role credentials first by default #236
• Guided setup now uses the hostname or FQDN instead of full URL for the SSO StartURL #258

New Features

• Add a lot more ProfileFormat functions via sprig #244
• flush command gives users more control over what is flushed
• Add documentation for SourceIdentity for AssumeRole operations
• Add EnvVarTags config file option #134

What's Changed

• Typo fix by @rgarrigue in #243
• Add support for a lot more ProfileFormat functions by @synfinatic in #245
• Give users more control over what is flushed by @synfinatic in #246
• document SourceIdentity config option by @synfinatic in #247
• Add custom environment variable support by @synfinatic in #248
• Correctly set AWS_SSO env variable by @synfinatic in #252
• Fix auto-complete when DefaultSSO != Default by @synfinatic in #253
• Fix AWS_SSO_SESSION_EXPIRATION with Via by @synfinatic in #255
• refresh cache will remove old data and keep history by @synfinatic in #256
• Don't flush role Expires field with cache by @synfinatic in #257
• prompt users for hostname instead of URL by @synfinatic in #259
• Fix auto-guided setup not loading config by @synfinatic in #261
• Really fix setup -> list/etc & default log level by @synfinatic in #262
• fix eval --clear by @synfinatic in #263
• update demos by @synfinatic in #264

New Contributors

• @rgarrigue made their first contribution in #243

Full Changelog: v1.7.0...v1.7.1

v1.7.0

Overview

• Add support for access AWS SSO roles by setting AWS_PROFILE environment variable, by updating the ~/.aws/config file via the config command
• Users can now provide custom profile names on a per-role basis using the Profile config option
• Improvements in opening URLs to make it easier to use and reliable
• console command now supports non-AWS SSO roles (can use it with AWS API Keys, etc)
• Lots of documentation improvements

What's Changed

• various small improvements by @synfinatic in #224
• Add config support and Profile to Roles by @synfinatic in #225
• add quickstart by @synfinatic in #227
• Generate diff for ~/.aws/config by @synfinatic in #228
• role creds expire really is millisec by @synfinatic in #229
• improve config diff and write file by @synfinatic in #230
• add ConfigVariables option by @synfinatic in #231
• Improve how we open URLs with eval and process/config by @synfinatic in #232
• improve docs / quickstart by @synfinatic in #233
• more documentation improvements by @synfinatic in #237
• console command now supports $AWS_PROFILE by @synfinatic in #239
• more doc cleanups & small improvements by @synfinatic in #241
• Add unique Profile check by @synfinatic in #242

Full Changelog: v1.6.1...v1.7.0

v1.6.1 - Improve multi-AWS SSO Instance support

Overview

This release includes a number of important fixes for users with multiple AWS SSO Instances, detects role chain loops and adds support for chained roles to be found through their Via tag.

Additionally, the AccountAlias tag is no longer copied to the AccountName tag and fewer logs should be visible at the warn level.

What's Changed

• Via role option is now a tag by @synfinatic in #202
• detect role chain loops by @synfinatic in #203
• Fix AccountName/AccountAlias tags by @synfinatic in #204
• Create issue templates by @synfinatic in #215
• Honor DefaultSSO config option by @synfinatic in #216
• Setup now defaults to warn by @synfinatic in #217
• console command now honors non-Default AWS SSO instances by @synfinatic in #220
• reduce number of warnings by @synfinatic in #218
• update copyright to 2021-2022 by @synfinatic in #221
• cache multiple SSO Instances correctly by @synfinatic in #223

Full Changelog: v1.6.0...v1.6.1

v1.6.0 - Add role chaining support

Overview

Two major changes:

1. Add role chaining support for roles which can not be assumed directly via AWS SSO
2. Fix a stupid bug where the parsing/generation code for AWS Role ARNs was missing a colon. Will now properly parse ARNs passed to the -a flag

What's Changed

• add LogLevel to setup by @synfinatic in #185
• Add setup --default-level and fix --level error by @synfinatic in #186
• remove bogus warning under windows/wincred by @synfinatic in #187
• Remove eval and fix exec on Windows by @synfinatic in #190
• fix build error by @synfinatic in #191
• Role chaining by @synfinatic in #193
• fix role chaining session name by @synfinatic in #196
• Add cache versioning support by @synfinatic in #197
• release v1.6.0 by @synfinatic in #198

Full Changelog: v1.5.1...v1.6.0

Improve guided setup

Overview

Mostly a bug fix release for various issues during guided setup during first run. Guided setup now also prompts for HistoryLimit and HistoryMinutes

What's Changed

• update homebrew to v1.5.0 and update faq by @synfinatic in #177
• Lots of setup improvements by @synfinatic in #180
• fix bell/warning when selecting items during setup by @synfinatic in #181
• improve docs by @synfinatic in #182

Full Changelog: v1.5.0...v1.5.1