Reduce password prompts with macOS KeyChain

Overview

aws-sso now stores data in a single record in the login KeyChain on macOS instead of a custom AWSSSOCli keychain. This has the nice side effect of dramatically reducing the number of password prompts users should experience.

Additionally, we now support limiting History items based on time via the HIstoryMinutes option. By default, roles will disappear from the History tag after 24hrs or once you reach HistoryLimit items- which ever comes first.

Lastly, the console command no longer supports the --use-sts flag as it was superfluous. Users wishing to not use the current AWS credentials in their environment should specify --prompt or the appropriate --arn or --account and --role flags.

What's Changed

• Add a FAQ by @synfinatic in #167
• Switch to a single keyring entry by @synfinatic in #170
• add more unit tests by @synfinatic in #172
• Remove console --use-sts, add --prompt by @synfinatic in #173
• Improve file based keyring by @synfinatic in #174
• Add support for HistoryMinutes by @synfinatic in #176

Full Changelog: v1.4.0...v1.5.0

Overhaul how we manage environment variables and lots more

Overview

Breaking Changes

• Standardize on AWS_SSO prefix for environment variables
• Remove --region flag for eval and exec commands
• console -use-env is now console --use-sts to be more clear
• Building aws-sso now requires Go v1.17+

New Features

• Add a simple wizard to configure aws-sso on first run if no ~/.aws-sso/config.yaml
  file exists
• Update interactive selected item color scheme to be easier to read. #138
• Add eval --clear and eval --refresh
• Add full support for DefaultRegion in config.yaml
• Add --no-region flag for eval and exec commands
• Add process command for AWS credential_process in ~/.aws/config #157
• Add ConsoleDuration config option #159
• Improve documentation of environment variables

Bug Fixes

• exec now updates the ENV vars of the forked processs rather than our own process
• eval no longer prints URLs #145
• Will no longer overwrite user defined AWS_DEFAULT_REGION #152
• Fix bug where cache auto-refresh was not saving the new file, causing future
  runs to not utilize the cache
• Remove --duration option from commands which don't support it
• LogLevel and UrlAction in the config yaml now work #161
• Add more unit tests & fix underlying bugs

What's Changed

• update interactive select bar color scheme by @synfinatic in #140
• Create the config.yaml on first run by @synfinatic in #141
• add lint to make test by @synfinatic in #142
• Remove renew and add eval by @synfinatic in #143
• Fix broken default command by @synfinatic in #144
• add UrlAction to auto-config by @synfinatic in #146
• fix eval when printing by @synfinatic in #147
• Add TOC and more pedantic abouve ENV vars by @synfinatic in #151
• Rework how we manage the AWS_DEFAULT_REGION by @synfinatic in #153
• clear AWS_SSO_DEFAULT_ROLE when doesn't match by @synfinatic in #154
• Add more unit test & cleanup by @synfinatic in #155
• Fix caching and add process command by @synfinatic in #158
• completely rework environment variables by @synfinatic in #160
• Add ConsoleDuration config option by @synfinatic in #162
• Fix LogLevel and UrlAction settings in config file by @synfinatic in #163
• clean up in prep for v1.4.0 release by @synfinatic in #164

Full Changelog: v1.3.1...v1.4.0

Bug fixes

Overview

This release fixes two bugs and one security enhancement:

• console command incorrectly required --url-action and --browser
• Using auto-complete with the --arn flag did not work
• No longer print the federated login URL for the console unless specifying --url-action print

What's Changed

• Fix missing --url-action & update main args by @synfinatic in #136
• Fix autocomplete for -a <arn> by @synfinatic in #137

Full Changelog: v1.3.0...v1.3.1

Add auto-complete and improve history support

Overview

• Add auto-complete support
• History is now sorted by time and includes how long since last use
• --cache option is no longer supported
• Lots of code cleanup & quality improvements

What's Changed

• add and improve code report card by @synfinatic in #125
• Fix more golint errors by @synfinatic in #126
• add codecov support by @synfinatic in #127
• fix readme by @synfinatic in #128
• Add auto-complete support by @synfinatic in #129
• Add timestamp to history & fix sorting by @synfinatic in #130

Full Changelog: v1.2.3...v1.3.0

Add history support and bug fixes

Overview

• AWS SSO CLI now keeps track of your last X (10 by default) assumed roles for quick and easy repeat access. You can change the number of roles to remember via the HistoryLimit option.
• The list command now also supports overriding the default fields to display via the ListFields option.
• The tags command -R and -A options now work as intended
• The Linux rpm & deb packages for ARM64 now include ARM64 binaries (instead of x86_64)

What's Changed

• add history support #29 by @synfinatic in #114
• Continue working on unit tests by @synfinatic in #115
• Fix bugs when using tags -R/-A by @synfinatic in #117
• Update README.md by @synfinatic in #118
• Add missing tags when not defining roles in config.yaml by @synfinatic in #119
• Add support for ListFields in config.yaml by @synfinatic in #120
• Add testing badge by @synfinatic in #121
• Fix broken ARM64 packages which installed AMD64 binaries by @synfinatic in #122

Full Changelog: v1.2.2...v1.2.3

Add Linux packages and improve list command

Overview

Added RPM and DEB packages for Linux x86_64 & ARM64. Improved the list command by adding additional optional columns and defaulting to the AWS administrator defined AWS Account Alias instead of the user-configured AWS Account Name in config.yaml.

What's Changed

• Move homebrew code to a submodule by @synfinatic in #108
• Add support for building rpm/deb packages by @synfinatic in #109
• Added tests to PR by @monwolf in #102
• use AccountAlias in list command by @synfinatic in #112

Full Changelog: v1.2.1...v1.2.2

Lots of Improvements and bug fixes

What's Changed

• Add customizable color support #79
• Simplify options for handling URLs and refactor internals #82
• Rework how defaults are handled/settings loaded
• Remove references to duration in config which don't do anything
• Add additional config file options:
  - UrlAction
  - LogLevel
  - LogLines
  - DefaultSSO
• Replace --print-url with --url-action #81
• Add support for DefaultRegion in config file #30
• console command now supports --region
• list command now reports expired and has constant sorting of roles #71
• Fix bug where STS token creds were cached, but not reused.
• list -f now sorts fields
• Use cache for tracking when STS tokens expire
• exec command now ignores arguments intended for the command being run #93
• Remove -R as a short version of --sts-refresh to avoid collision with exec role #92
• Fix finding $HOME directory on Windows and make GetHomePath() cross platform #100
• Fix issue with AWS AccountID's with leading zeros. #96
• Optionally delete STS credentials from secure store cache #104
• Add support for Brew #52

New Contributors

• @monwolf made their first contribution in #94

Full Changelog: v1.2.0...v1.2.1

Major improvements

Pretty significant changes since 1.1.0 with a significant code refactoring, adding unit tests, new features and tons of bug fixes.

• console command now can use ENV vars via --use-env #41
• Fix bugs in console with invalid CLI parsing
• Tag keys and values are now separate choices #49
• Auto-complete options are now sorted
• Started writing some unit tests
• Do SSO authentication after role selection to improve performance
  even when we have cached creds
• Add support for AWS_SSO_PROFILE env var and ProfileFormat in config #48
• Auto-detect when local cache it out of date and refresh #59
• Add support for cache command to force refresh AWS SSO data
• Add support for renew command to refresh AWS credentials in a shell #63
• Rename --refresh flag to be --sts-refresh
• Remove --force-refresh flag from list command
• Add role metadata when selecting roles #66

Add support for login to AWS Console

Mostly bug fixes and small enhancements.

• Move role cache data from SecureStore into JSON CacheStore #26
• exec command will abort if a conflicting AWS Env var is set #27
• Add time command to report how much time before the current STS token expires #28
• Add support for printing Arn in list #33
• Add console support to login to AWS Console with specified role #36
• -c no longer is short flag for --config

Small usability enhancements

• Add macOS/M1 support
• Improve documentation
• Fix version output
• Change exec prompt to work around go-prompt bug
• Typing exit now exits without an error
• Add help on how to exit via exit or ctrl-d