github.com/aavshr/aws-sdk-go@v1.41.3/aws/credentials/ssocreds/doc.go (about)

     1  // Package ssocreds provides a credential provider for retrieving temporary AWS credentials using an SSO access token.
     2  //
     3  // IMPORTANT: The provider in this package does not initiate or perform the AWS SSO login flow. The SDK provider
     4  // expects that you have already performed the SSO login flow using AWS CLI using the "aws sso login" command, or by
     5  // some other mechanism. The provider must find a valid non-expired access token for the AWS SSO user portal URL in
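     6  // ~/.aws/sso/cache. If a cached token is not found, is expired, or the file is malformed, an error will be returned. The cached access token is a bearer credential, so keep ~/.aws/sso/cache readable only by the user who ran the login.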
     7  //
     8  // Loading AWS SSO credentials with the AWS shared configuration file
     9  //
    10  // You can configure AWS SSO credentials from the AWS shared configuration file by
    11  // specifying the required keys in the profile:
    12  //
    13  //  sso_account_id
    14  //  sso_region
    15  //  sso_role_name
    16  //  sso_start_url
    17  //
    18  // For example, the following defines a profile "devsso" and specifies the AWS SSO parameters that define the target
    19  // account, role, sign-on portal, and the region where the user portal is located. Note: all SSO arguments must be
    20  // provided, or an error will be returned.
    21  //
    22  //  [profile devsso]
    23  //  sso_start_url = https://my-sso-portal.awsapps.com/start
    24  //  sso_role_name = SSOReadOnlyRole
    25  //  sso_region = us-east-1
    26  //  sso_account_id = 123456789012
    27  //
    28  // Using the config module, you can load the AWS SDK shared configuration, and specify that this profile be used to
    29  // retrieve credentials. For example:
    30  //
    31  //  sess, err := session.NewSessionWithOptions(session.Options{
    32  //      SharedConfigState: session.SharedConfigEnable,
    33  //      Profile:           "devsso",
    34  //  })
    35  //  if err != nil {
    36  //      return err
    37  //  }
    38  //
    39  // Programmatically loading AWS SSO credentials directly
    40  //
    41  // You can programmatically construct the AWS SSO Provider in your application, and provide the necessary information
    42  // to load and retrieve temporary credentials using an access token from ~/.aws/sso/cache.
    43  //
    44  //  svc := sso.New(sess, &aws.Config{
    45  //      Region: aws.String("us-west-2"), // Client Region must correspond to the AWS SSO user portal region
    46  //  })
    47  //
    48  //  provider := ssocreds.NewCredentialsWithClient(svc, "123456789012", "SSOReadOnlyRole", "https://my-sso-portal.awsapps.com/start")
    49  //
    50  //  credentials, err := provider.Get()
    51  //  if err != nil {
    52  //      return err
    53  //  }
    54  //
    55  // Additional Resources
    56  //
    57  // Configuring the AWS CLI to use AWS Single Sign-On: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html
    58  //
    59  // AWS Single Sign-On User Guide: https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html
    60  package ssocreds